http://qs321.pair.com?node_id=834167


in reply to Re: Creating a rainbow table for a ten-digit number: Advice?
in thread Creating a rainbow table for a ten-digit number: Advice?

Not without the salt they can't.

  • Comment on Re^2: Creating a rainbow table for a ten-digit number: Advice?

Replies are listed 'Best First'.
Re^3: Creating a rainbow table for a ten-digit number: Advice?
by ww (Archbishop) on Apr 12, 2010 at 01:44 UTC

    So you're going to rely on the data-collectors' memories to enter and re-enter the salt reliably hundreds or thousands of times (without reminders on yellow stickies "hidden" somewhere accessible)?

    And the salt will also be long enough to make deducing it from data available on the laptop(s) difficult enough that it will pass muster with your (hypothetical?) non-naive, non-ignorant ethics committee?

    Do you see any conflict among these notions?

    Was it the Red Queen or a Philadelphia comedian who "practice(d) believing two mutually contradictory notions before breakfast every day?"
    Neither?
    Well, how about Orwell's "doublethink?"

[reply]

      So you're going to rely on the data-collectors' memories to enter and re-enter the salt reliably hundreds or thousands of times

      The clerk only needs to enter the code whenever the application is launched, not for every record.

[reply]
Re^3: Creating a rainbow table for a ten-digit number: Advice?
by ikegami (Patriarch) on Apr 12, 2010 at 01:14 UTC
    If they have access to the hashed ids on the laptop, they have access to the salt on the laptop too.
[reply]

      Not if it is entered manually each time the app is run and never stored to disk.

[reply]

        Ok, so there exists a secret string. Don't use it as the salt to a hashing function, use it as the key to an encryption function. This whole hashing thing is nonsense.

[reply]

        Bingo. Good thought though.

[reply]

In Section Seekers of Perl Wisdom