the salt should be a psuedo-random 12bit number. This means that if you create a rainbow table based on one 12bit salt, it's useless for any other salt value and therefore username.
So we are really limited to brute force and dictionary attacks, where every attempted password string is then hashed along with every 12bit salt value. It slows it down slightly, but it still works.
__________________
Xatar
000xatar000
Give a man a fire, and he'll be warm for a day. Set the man on fire, and he'll be warm for the rest of his life.
They did give a million monkeys a million typewriters, it's called the internet.
|