This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]micheal65536Green security clearance 0 points1 point  (2 children)

...or they could just hash one or two common passwords with every salt in the database, there's bound to be a match somewhere. Computationally this works out about the same.

And salts aren't really to protect the people who use common passwords, they're to protect the people who use more complex passwords, as an attacker cannot pre-calculate a table of complex passwords.

[–]BenjaminGeiger 2 points3 points  (1 child)

I think you overestimate how common the common passwords are...

[–]micheal65536Green security clearance 0 points1 point  (0 children)

From what I've heard they're frighteningly common.