I wrote: > A dictionary attack works by consulting a precomputed set of passwords and > their hashes, (pwd, hash(pwd)). The attacker then runs down the dictionary, > comparing hashes; if they get a hit, they know the password. The salt > defeats this by making the pwd -> hash(pwd) mapping incorrect.
I'm being slightly inaccurate here; what I'm describing above is a rainbow dictionary attack, rather than just a plain dictionary attack (which is a brute force attempt on the password over a limited range of input values). Anyway, a salt isn't helpful for a plain dictionary attack, either, for the same reason as a brute force attack. Anyway, back to the discussion of the actual proposal. :) -- -- Christophe Pettus x...@thebuild.com -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
