Are hashed and salted passwords secure against dictionary attacks?

后端 未结 5 1616
长发绾君心
长发绾君心 2021-01-17 23:24

I understand that salts make the same password hash to different values. However, salts are usually stored in the database with the password. So let\'s say I am attacker,

5条回答
  •  醉梦人生
    2021-01-18 00:08

    That's correct. If someone got the password material, a dictionary attack would be effective.

    To guard against this:

    • Make sure your passwords aren't subject to dictionary attacks.
    • Make sure your password file (/etc/shadow) is readable only by root.

提交回复
热议问题