blueflower icon indicating copy to clipboard operation
blueflower copied to clipboard

Published 20 hours ago verified publisher icon veorq

per-hashes-file salt instead of per-secret salt

Open philsnow opened this issue 7 years ago • 2 comments

If I understand correctly, a blueflower hashes file contains a single salt that is used for all the secrets in that file.

An attacker would have to recalculate rainbow tables once (taking into account this one salt) to then efficiently try to reverse the hashes in the file. A salt-per-secret model would be stronger.

philsnow avatar Jan 31 '17 21:01 philsnow

That could be an optimization indeed, I may implement it later, or happy to take a PR :)

veorq avatar Feb 01 '17 06:02 veorq

I think the PR above (#8) fixes this issue :) Can be closed

cc @philsnow

JulesDT avatar Jul 26 '18 15:07 JulesDT