Hacker News
stavros on June 14, 2011 | on: A possible flaw in open-source bcrypt implementati...
I'm guessing it would make brute forcing about 40 times easier.
tptacek on June 14, 2011
Which is a statement not unlike talking about making it 40 times easier to travel to the Andromeda galaxy.
stavros on June 14, 2011
Indeed.
djmdjm on June 14, 2011
Bear in mind that the likelihood here is something like 2^-186.
daeken on June 14, 2011
It would make it 256 times easier, reducing the keyspace by ~4.16%.
tedunangst on June 15, 2011
Reducing the log of the keyspace by 4.16%, which is not a particularly interesting measurement.
Reducing a key by 8 bits reduces the key space by 255/256, regardless of key size.
stavros on June 14, 2011
I don't see how that can be, given that the character that's chopped off can take one of 40 values... Or is it case sensitive? Still, nowhere near 256.
daeken on June 14, 2011
It's not b64 encoding the final byte of the hash, not dropping a b64 character.
stavros on June 14, 2011
Ah, I see. You are correct, then. Also, that would make it 64 times, if I were right, it seems.