On Nov 28, 2010, at 10:26 AM, Tom X. Tobin wrote:
> No, I'm not thinking of rainbow tables. The key word here is
> *single*. As I said before, a salt *does* help against an attacker
> trying to brute-force multiple passwords from your database, since he
> can't simply test each brute-force result against all your passwords
> at once; he has to start all over from scratch for every single
> password that has a different salt. If he only cares about one
> *particular* account, the salt doesn't help, no.

Even in your scenario, it only helps as much as the entropy in the password selection. If everyone has a unique password, it doesn't help at all (admittedly unlikely). Again, it's a linear benefit, but not an exponential one.

Right. So, about that proposal... :)

--
-- Christophe Pettus
   x...@thebuild.com
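
The cost argument in this exchange, as an added example that is not part of the original thread or of Django's code: it counts the hash computations needed to test a candidate list against an unsalted store and a per-record salted store, for all accounts and for a single account. The function names, the use of SHA-256 and the sample data are assumptions made for the illustration.

```python
import hashlib
import os

def digest(password: str, salt: bytes = b"") -> str:
    # SHA-256 is an assumption chosen for the demo, not a storage recommendation.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_store(passwords, salted):
    """Return one (salt, hash) record per account; salt is b'' when unsalted."""
    store = []
    for pw in passwords:
        salt = os.urandom(16) if salted else b""
        store.append((salt, digest(pw, salt)))
    return store

def sweep_cost(store, candidates):
    """Test every candidate against every record.

    Returns (hash computations, records matched). One computation can be
    compared with all records that share a salt, so the work is
    len(candidates) * number of distinct salts.
    """
    by_salt = {}
    for salt, h in store:
        by_salt.setdefault(salt, []).append(h)
    computed = matched = 0
    for salt, hashes in by_salt.items():
        for cand in candidates:
            computed += 1
            matched += hashes.count(digest(cand, salt))
    return computed, matched

# Constructed sample data: 1000 candidates, 4 accounts (two share a password).
CANDIDATES = [f"guess{i}" for i in range(1000)]
PASSWORDS = ["guess7", "guess7", "guess42", "guess999"]

if __name__ == "__main__":
    for salted in (False, True):
        store = build_store(PASSWORDS, salted)
        print("salted" if salted else "unsalted",
              "all accounts:", sweep_cost(store, CANDIDATES),
              "one account:", sweep_cost(store[:1], CANDIDATES))
```

The salted store costs a multiple equal to the number of accounts when every record is tested, and costs the same as the unsalted store when only one record is tested.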