I was reading that the designers of UNIX password algorithm used a 12 bit salt to modify the E-table of the unix hashing function (the DES). Supposing i have a system with 2^(24) users?
Is that ever possible to user dictinary attack? and if so how long would it take? years??
I am really new on computer security
sorry editing: I am not sure what unit time i guess i have to assuming bytes per minute depending on my code?
The reason I am asking is for a project where one of the questions states: "Consider a system with 2^24 users. Assume that each user is asssigned a salt from a uniform random distribution and that anyone can read the password hashes and salt for users." WHat is expected time to find all users' passwords using dictionary attack?"
thanks very much
Sounds like a homework question that is expecting a formula as an answer. Way too many things unspecified. In particular, a dictionary could be precomputed with all possible salts (2^12 = 4096, not that big) for one password. If all 2^24 users used that same one password, then every password would be in the dictionary and the question is what is the expected time to do 2^24 lookups into a table of 4096. On the other hand, if none of the users passwords are in the dictionary, then you will never find the password using a dictionary attack unless you stumble upon a hash collision.
Probably better asked on security.stackexchange.com