Salts, randomness and difficulty
#3
Hi Xanadrel, thanks for the reply.
I have used hashcat very briefly, but my purpose here is to write some security guidance rather than to learn Hashcat itself.

I do have one more query:

I have seen several people advocate the use of a 'pepper' or secret salt (some also define it as a MAC) - and others say this is a bad idea. I can understand that your secret may not stay secret due to various human reasons which is bad enough.

Technically though even if you have a hash and a known salt I would expect that an (unknown) pepper would make computing a hash take longer - simply because there are more characters to compute.
I have seen mention that you can somehow isolate a pepper and crack it alone but I don't see how this is possible.. Does hashcat have some particular function or capability in this regard?


Messages In This Thread
Salts, randomness and difficulty - by StuUK - 08-10-2016, 05:21 PM
RE: Salts, randomness and difficulty - by StuUK - 08-15-2016, 10:24 AM