Gold at the end of rainbow cracking?

Gold at the end of rainbow cracking?
Robert Lemos, SecurityFocus 2005-11-09

A trio of entrepreneurial hackers hope to do for the business of password cracking what Google did for search and, in the process, may remove the last vestiges of security from many password systems.

Expand all | Post comment

Gold at the end of rainbow cracking? 2005-11-09
Anonymous (4 replies)

One topic that is interesting in this discussion, particularly given its absence is the process of "salting" - adding a random string to password and the hash.

Ok - so the default unix variety that addes two characters isn't a particularly great enhancement, but by adding an extra 64bits (or more) to the begining of the hash you add an awful lot of extra combinations to be included in rainbow tables.

Additionally - authentication hashes can, to a certain extent be "computationally" expensive - again making rainbow tables more time consuming to generate - does this solve the basic problem ? Not really ... but then again there isn't going to be a "perfect" system.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11355/32701#32701

Re: Gold at the end of rainbow cracking? 2005-11-10
Anonymous (1 replies)

Re: Re: Gold at the end of rainbow cracking? 2005-11-10
Anonymous (2 replies)

Re: Re: Re: Gold at the end of rainbow cracking? 2005-11-10
Anonymous

Re: Re: Re: Gold at the end of rainbow cracking? 2005-11-11
Anonymous (2 replies)

Re: Re: Re: Re: Gold at the end of rainbow cracking? 2005-11-14
Anonymous

No, it's not practical to lookup salted passwords 2005-11-14
Roger

Re: Gold at the end of rainbow cracking? 2005-11-11
Roger

Re: Gold at the end of rainbow cracking? 2005-11-11
Anonymous

Re: Gold at the end of rainbow cracking? 2005-12-12
Anonymous

Gold at the end of rainbow cracking? 2005-11-09
Elio

Gold at the end of rainbow cracking? 2005-11-10
Anthony LAI, CISSP, CISM (1 replies)

Re: Gold at the end of rainbow cracking? 2005-11-10
Anonymous