A Procedure To Harden Salting

Yesterday I piloted the idea of using vector matrices to defeat salting. I noted that the salt need not be in a small range; this might still fall to investigations of multiple instances. Whatever variety of possibilities, the step from one to the next in a series will be constant.

If we defeat salting, we might defeat the effective benefit of hashing altogether. I advance a possible solution from the memory of an embarrassing mistake.

If my salt has become compromised, I can seek a remedy by introducing variations between steps. This is not what we expect from a deterministic hash, so what am I suggesting? 

In the algorithm, the stepping is by one pass of the hash algorithm. Although it is inefficient, I can vary the stepping by taking two hexadecimal numerals from a fixed offset within my hash, converting them to an integer, and choosing to step by a number of hash passes equal to that integer.

Because the hash is deterministic, the resulting list would always be the same, but the vector algebra problem would be multiplied.

Pseudorandom stepping solves the problem; we can experiment with other sources of pseudorandomness.

A unavoidable contraindication is that ultimately, our product key checking slows down.

Comments

Post a Comment

Popular posts from this blog

DRM and Password Authorization

We log in online and are accustomed to being refused service if we supply an incorrect username/password combination.  We persecute "plain-text offenders" and rightly expect to benefit from comparing a hash fingerprint of the credential presented online to a list of hash fingerprints, each paired with a username. Even better if the username is hashed as well. The knowledge gained from online handshakes can benefit us in digital rights management.  It has long been the case that we could obfuscate a password literal in source code by compiling it into object code. However, decompilers provide assembler code that can reconstruct the source code without descriptive variable names and make string values stand out. Now, we can construct a creative solution. We can designate a username/password combination to COMPILE SOURCE UNIQUELY FOR EACH USER. To hide it in the object code, we hash the username and password with a published hash algorithm and use the hash-fingerprint literal in...
Read more

A "Secure" OS made PRACTICAL

I can remember suggesting a theoretical Operating System that requires object code to be compiled in such a way that a decryption key is required for a program object to execute. The program object itself would execute unencrypted in RAM.  I cannot find the entry at the moment, but I have also suggested an OS that uses an RSA key for program installation. Separately, I have contemplated a Linux user, organized such that the encrypted home folder appeared as an UNMOUNTED container over IP, while operating as a MOUNTED container locally, for the profile user. This would defeat some purposes of SSH, but would harden the installation against data theft over IP.  Now, with the development of an offline username/password for a program, I am asking myself if I cannot effectively suggest a practical (as opposed to theoretical) arrangement, whereby the program presents a credential (or two - username/password) to the OS, for permission to execute. Clearly, multiple program objects w...
Read more

How to best the Bitcoin cryptocurrency lotto;

A  hi-speed box is prerequisite; emphasis on read/write speeds on duel 4T SSDs. 32 GB Hi speed RAM; overclocked Core I5 12600 or Core I7 22700. I estimated 32 or 64 units… An ASIC is a circuit that provides a hash value that (critically) BEGINS with &h0000. Time to calculate/randomly poll for these is the intractable problem. Example: When you play TX lotto, EVERY entry has same probability. Buuut; if you play A SINGLE unique entry repeatedly, it has the same probability the FIRST time. However, thereafter, the winning solution becomes constrained to be x + (n) / total possible. Since the requirement to win BECOMES x2 AND ~x1. Else the entry would have won before.  While this is statistically insignificant, we can capitalize within the cryptomining protocol. After completing a bid, whether successful or unsuccessful instead of discarding the HASH, we can proceed to play the same number again. Starting with &h0000, and hashing once per round, as prescribed. But to ...
Read more