Reply to post: Please pass the self-salt...

L0phtCrack's back! Crack hack app whacks Windows 10 trash hashes

JeffyPoooh Silver badge
Pint

Please pass the self-salt...

What if the input script accepted the new password (PW$), and then created a salted repeated-password string like this:

SaltedPW$ = Salt0$ + PW$ + Salt1$ + PW$ + Salt2$ + PW$ + Salt3$ + PW$ + Salt4$

Then send that away for hashing and storage.

The human user only needs to remember their wee little PW$.

Signing In uses the same concatenation technique, before the hash comparison.

But the Crackers with the stolen hash file need to de-hash these SaltedPW$ monsters. Yeah, good luck.

I hope that this helps.
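An added example, not part of the original comment: the concatenation above written in Python, set beside a per-user random salt with PBKDF2. It assumes Salt0$ to Salt4$ are fixed strings in the script and that the hashing step is a single SHA-256 call; `SALTS`, `USERS` and all function names are made up for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumption: Salt0$..Salt4$ are fixed strings in the sign-up script (constructed values).
SALTS = ["s0:", ":s1:", ":s2:", ":s3:", ":s4"]

def salted_pw(pw, salts=SALTS):
    # SaltedPW$ = Salt0$ + PW$ + Salt1$ + PW$ + Salt2$ + PW$ + Salt3$ + PW$ + Salt4$
    return salts[0] + "".join(pw + s for s in salts[1:])

def comment_hash(pw):
    # Assumption: the "hashing" step is one fast hash; SHA-256 stands in for it.
    return hashlib.sha256(salted_pw(pw).encode()).hexdigest()

def kdf_record(pw, iterations=600_000):
    # Comparison scheme: random per-user salt plus a deliberately slow KDF.
    salt = os.urandom(16)
    return salt, iterations, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)

def kdf_verify(pw, record):
    salt, iterations, expected = record
    got = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(got, expected)

def shared_values(table):
    # Audit check: group accounts whose stored value is byte-for-byte identical.
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample accounts; alice and carol picked the same password.
USERS = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}

def build_tables(iterations=600_000):
    fixed = {u: comment_hash(p) for u, p in USERS.items()}
    slow = {u: kdf_record(p, iterations) for u, p in USERS.items()}
    return fixed, slow

if __name__ == "__main__":
    fixed, slow = build_tables()
    print("sign-in round trip:", comment_hash("hunter2") == fixed["alice"])
    print("fixed-salt accounts sharing a stored value:", shared_values(fixed))
    print("per-user-salt accounts sharing a stored value:", shared_values(slow))
    print("PBKDF2 sign-in:", kdf_verify("hunter2", slow["alice"]))
```

Under these assumptions SaltedPW$ is a deterministic function of PW$, so equal passwords store equal values and checking one candidate password still costs one hash call, however long the concatenated string is.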


Biting the hand that feeds IT © 1998–2019