3 Jul
2008
3 Jul
'08
4:45 a.m.
but how do you know that it exists as a shared string?
Unimportant. If it ever does, the system, as a whole, is vulnerable to that sort of attack. If it presents one million strings, that is a significantly smaller set to search than the total number of possible passwords.