# HG changeset patch # User Christian Urban # Date 1411722106 -3600 # Node ID 6ed7c9b8b291ef4bb3a8bea94c728b62e1a57363 # Parent 681e35f6b0e470c98412128c4d9b82d7024325a7 updated diff -r 681e35f6b0e4 -r 6ed7c9b8b291 handouts/ho01.pdf Binary file handouts/ho01.pdf has changed diff -r 681e35f6b0e4 -r 6ed7c9b8b291 handouts/ho01.tex --- a/handouts/ho01.tex Fri Sep 26 02:42:00 2014 +0100 +++ b/handouts/ho01.tex Fri Sep 26 10:01:46 2014 +0100 @@ -484,7 +484,7 @@ compiling a list for a dictionary attack is not as simple as it might seem. At the beginning only ``real'' dictionaries were available (like the Oxford English Dictionary), but such -dictionary are not ``optimised'' for the purpose of passwords. +dictionaries are not ``optimised'' for the purpose of passwords. The first real hard date was obtained when a company called RockYou ``lost'' 32 Million plain-text password. With this data of real-life passwords, dictionary attacks took off. @@ -536,7 +536,8 @@ as shown above and is actually stored as part of the password entry. Knowing the salt does not give the attacker any advantage, but prevents that dictionaries can be precompiled. - +The moral is that you should never store passwords in plain +text. Never ever. \end{document}
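
Review bot: In the handouts/ho01.tex hunk at line 484, the unchanged context line directly after the corrected one still reads "The first real hard date was obtained" and the sentence ends with "32 Million plain-text password". Since this change is already a grammar fix to that paragraph, correct those in the same commit: presumably "hard data", and "passwords" in the plural.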
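
Review bot: In the handouts/ho01.tex hunk at line 536, the added sentence replaces the blank line that followed "but prevents that dictionaries can be precompiled.", so LaTeX no longer sees a paragraph break and the moral is typeset as the tail of the salt paragraph. Keep the blank line and add the two new lines after it so the moral stands as its own closing paragraph. Because the preceding text is about salts stored with the password entry, the sentence would also be more useful to readers if it said what to store in place of plain text, not only what to avoid.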