undefined | Better HN

0 pointstptacek16y ago0 comments

Salts. The "Hitler" of computer security discussions.

0 comments

Nah, that'd be one-time pads.

sho16y ago

Yeah, yeah. I'm waiting to hear how you could conceivably brute force the password from that graph (and only that graph) if it had a random per-user salt.

tptacekOP16y ago

I like the authentication system where you are guaranteed a nonce-bearing cookie identifying the user, but still forcing them to type their password. You know, just to be sure.

But I have an improvement on your system. Instead of a 16 bit salt, use a FIVE HUNDRED TWELVE bit salt. That's 32 times the saltiness! But just to trip evil hackers up, why don't you call that salt "PHPSESSIONID". I think that scheme is so salty that you only have to have users type their password just once!

sho16y ago

Right, whatever, I was trying to have an actual conversation.

j / k navigate · click thread line to collapse

0 comments

dfranke16y ago

Nah, that'd be one-time pads.

sho16y ago

Yeah, yeah. I'm waiting to hear how you could conceivably brute force the password from that graph (and only that graph) if it had a random per-user salt.

tptacekOP16y ago

I like the authentication system where you are guaranteed a nonce-bearing cookie identifying the user, but still forcing them to type their password. You know, just to be sure.

sho16y ago

Right, whatever, I was trying to have an actual conversation.

j / k navigate · click thread line to collapse