Qestion about the Slush's pool

[redzero36]

I've been reading this thread for a while now http://"https://bitcointalk.org/index.php?topic=1976.6800" and have read several times that the "passwords where salt and peppered" or even "passwords where salt and peppered and possibly ketchuped"  What? What the heck does that mean?

[rarkenin]

It's a little cryptographic joke. Usually, passwords are stored as a hash, which converts a password of any length to a fixed-length series of bytes. The same password results in the same hash always. This allows a password to be checked by hashing it and comparing it to a stored hash. The password cannot be reasonably deduced from the hash. (Note: Bitcoin mining is a partial reversal of a special hash that will not be discussed in this post). However, salt helps keep the password more secure. There is a lookup table called a rainbow table that allows a hash to be cracked with ease for limited length passwords. By adding a salt(by sticking it on the end of the password at the Slush server before hashing), the hashes are now of a password and a salt. While this does not appreciably slow down bruteforce, rainbow tables are not prepared to deal with an arbitrary salt. Therefore salting secures your password.

Now the pepper is just a joke as salt often is used with pepper. Ketchup is another condiment.

[guitarplinker]

Thanks for the explanation, even though I'm not the OP. Interesting to know.

[H4sh]

At my company, we call "pepper" the act of creating an account with a known password before stealing the hashed passwords. We turned a joke into a descriptor.

[redzero36]

haha so thats what it means.  Thanks rarkenin

[MadHasher]

Kind sucks that I can only post here, for now, but here it goes.

If someone not a newbie can read this, please PM slush saying he has not updated the DNS for api-stratum.bitcoin.cz and my miners hadn't switched from the compromised machine on OVH.

Best regards