Coffeehouse Post

Single Post Permalink

View Thread: Apparently the IPO didn't fund Linkedin enough to hire decent programmers
  • User profile image

    , 01001001 wrote

    It doesn't matter what algorithm you use (short of a public/private key). As long as you have the salt, you can run a dictionary against the sums, MD5, SHA1, ect...

    The salt can be computed from the hash of one single username which you know the password to.

    Dictionary attacks can only suceed if your password is in the dictionary in questions. There are plenty of well known ways of securing passwords, it's really a shame we've done such a bad job of explaining them as opposed to pushing people in the direction of "complex" passwords full of numbers and symbols, which all too often rely on basic substitution techniques.