* Mike Fratto (mfratto@xxxxxxx) wrote:
> Since the salt is known, it has no effect on the "keyspace" because you
> don't have to guess it. If there was no salt, then pre-computing a
> dictionary is a much smaller task.
That's the whole point of the discussion- the way Postgres's pg_shadow
stuff works the salt is known and *because* of that it might as well not
exist since it means that you can pre-compute the keyspace. Knowing the
salt means you can pre-compute the keyspace ahead of time. If you don't
know the salt until you've gained access then you'll have to wait till
then to begin computing the keyspace.
I suppose technically you could start pre-computing the keyspace before
then, but then it's a much larger keyspace which makes it much more
difficult.
Stephen
Attachment:
signature.asc
Description: Digital signature