Many password storage mechanisms compute a hash and store the hash, instead of storing the original password in plaintext. In this design, authentication involves accepting an incoming password, computing its hash, and comparing it to the stored hash.

Many hash algorithms are designed to execute quickly with minimal overhead, even cryptographic hashes. However, this efficiency is a problem for password storage, because it can reduce an attacker's workload for brute-force password cracking. If an attacker can obtain the hashes through some other method (such as SQL injection on a database that stores hashes), then the attacker can store the hashes offline and use various techniques to crack the passwords by computing hashes efficiently. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing (such as cloud computing) and GPU, ASIC, or FPGA hardware. In such a scenario, an efficient hash algorithm helps the attacker.

There are several properties of a hash scheme that are relevant to its strength against an offline, massively-parallel attack:

- The amount of CPU time required to compute the hash ("stretching").
- The amount of memory required to compute the hash ("memory-hard" operations).
- Including a random value, along with the password, as input to the hash computation ("salting").