[TriLUG] don't understand salt

Cristóbal Palmer cmp at cmpalmer.org
Mon Jun 11 13:04:33 EDT 2012


On Sat, Jun 9, 2012 at 8:53 PM, Igor Partola <igor at igorpartola.com> wrote:
> Glad to help out. I am honestly not an expert. That email is pretty much
> all I know on the subject. I am sure someone else can speak much more about
> this and related topics such as how to find good hash functions, how to
> tune the work factor, etc.

I have met people who use bluster to mask ignorance. Your statements
on the limits of your understanding inspire more confidence, not less.
That is, I'm inclined to trust you and your earlier (very clear and
cogent) email over an arbitrary stranger who claims to be a an expert
on these issues unless there's compelling support to their claim of
expertise.

> Not that I don't love doing talks like this, but people probably shouldn't
> trust my advice on the subject of security.

The great thing is that there are tons of resources out there that
people can use to cross-check what you've said. For example, this
article is relevant:

http://queue.acm.org/detail.cfm?id=2254400&ref=fullrss

If you were to decide to give a talk on this topic, I'm sure we could
make sure you had enough lead time to prepare and support to give the
talk at the level you'd want to see it given.

Cheers,
-- 
Cristóbal Palmer
cmpalmer.org



More information about the TriLUG mailing list