Soldato
That's how things work. You add salt to spoil the hash as a means to combat rainbow tables.
To quote Tom Hardy's Bronson:
"You-****in'-what?"
That's how things work. You add salt to spoil the hash as a means to combat rainbow tables.
To quote Tom Hardy's Bronson:
"You-****in'-what?"
Hashes are reversible. A 'rainbow table' is a list of words that have been hashed that you can compare the hash you have to.
Hashes are reversible. A 'rainbow table' is a list of words that have been hashed that you can compare the hash you have to. Salting them means you can't do this because the hash has been randomised in a way that only the server understands. Kind of.
Sorry to be pedantic (I've not watched the video so not sure if it explains it further) but the entire point of hashes is that they aren't "reversible" in a security context. That's what encryption is for.
http://www.securityinnovationeurope.com/blog/whats-the-difference-between-hashing-and-encrypting
It's for this reason that rainbow tables exist, as people are just noting down the resulting hash from common passwords (with a table for each hashing algorithm) as, at present, there's no other way to work backwards.
So yeah, just be mindful of your language used as a lot of misconceptions, and in turn problems, result from the improper use of specific language around this area.
Does adding vinegar as well as salt make any difference? Or do the hashes just get a bit soggy?
Hashes are irreversible. It is not possible to determine the original value of a hash from the hash alone.
To quote Tom Hardy's Bronson:
"You-****in'-what?"
4fc9baf210346939946d5a49f255588b
eda07cf772f75b895980e356d235fb28
Are we just going keep hashing this out? The point is unsalted hashes can be *insert whatever word you deem to be suitable here* and thus compromised.
Talking about security is worse than talking to the network guys!
Saved for posterityThankfully I use 1Password
Pen, notebook, drawer. If anyone gets at your passwords there, you have larger problems to worry about
So I use 2FA, should I still change my master password?
Edit: Yeah, I think mine needs a bit of work...