search for: 1fa176d82af79e879a9efa74c9d1c970

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >

...alted MD5) at 17579.7 kH/s. As comparison, straight non-salted SHA512 goes at 1402.7 MH/s and MD5 with no salting at 33677.6 MH/s. For reference, DIGEST-MD5 uses MD5(username:realm:password) as the stored credential, which is pretty much straight MD5 for cracking. https://gist.github.com/anonymous/1fa176d82af79e879a9efa74c9d1c970 > > MD5 with or without salt can be ATTAcked at passwords per second speed, > > so using CRAM-MD5 of DIGEST-MD5 is very very poor choice. Anything with > > MD5 should not be used for passwords these days. > > > > With Dovecot 2.3 we are making BLF-CRYPT available on a...