mailing list archives
Re: MySQL Local/Remote FAST Account Password Cracking
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 4 Dec 2012 14:18:42 -0500
On Mon, Dec 3, 2012 at 1:13 PM, king cope
<isowarez.isowarez.isowarez () googlemail com> wrote:
Since the SALT does not change (and this is the weak point) in the
it is a convenient way to crack passwords. (When connecting to mysql
in each connection
attempt the SALT is always different and sent out by the server).
Somewhat relevant here.... Salt has been recently shown to be a good
thing: "Multi-Instance Security and
its Application to Password-Based Cryptography"
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/