I didn't complain about anyone. The Okta vulnerability isn't because of public salts.
No, rainbow tables are hash-input specific. They're user-specific only if the salt is user-unique. Usernames aren't normally part of the hash input because they're assumed-public knowledge. You can test this for…
Because bcrypt is still viable. Its cost factor is easily scaled to commodity performance, keeping the attack cost high. The main attack vector these days is GPU-based compute. There, SHA* algorithms are particularly…
Desktop and phone: Firefox + uBlock. Router is OPNsense with its own validating recursor, domain blacklist, and routing blackhole. Phone runs a private VPN to my router when not on my home network.
I didn't complain about anyone. The Okta vulnerability isn't because of public salts.
No, rainbow tables are hash-input specific. They're user-specific only if the salt is user-unique. Usernames aren't normally part of the hash input because they're assumed-public knowledge. You can test this for…
Because bcrypt is still viable. Its cost factor is easily scaled to commodity performance, keeping the attack cost high. The main attack vector these days is GPU-based compute. There, SHA* algorithms are particularly…
Desktop and phone: Firefox + uBlock. Router is OPNsense with its own validating recursor, domain blacklist, and routing blackhole. Phone runs a private VPN to my router when not on my home network.