Gold at the end of rainbow cracking?
Robert Lemos, SecurityFocus 2005-11-09

A trio of entrepreneurial hackers hope to do for the business of password cracking what Google did for search and, in the process, may remove the last vestiges of security from many password systems.

Gold at the end of rainbow cracking? 2005-11-10
Anthony LAI, CISSP, CISM (1 replies)
Gold at the end of rainbow cracking? 2005-11-10
Mike B (3 replies)
Re: Gold at the end of rainbow cracking? 2005-11-10
Pete (3 replies)
Re: Re: Gold at the end of rainbow cracking? 2005-11-11
Roger (1 replies)
"How do the RainbowCrack tables help someone who is sitting at a login prompt on either a Unix box or a PC with a Windows OS on it?"

The answer is, not at all. That is not what this attack does; this attack is for determining the actual password after an (unsalted) password hash has been obtained by some other means.

"There must be tools in existence that will lock an account after, say, 10 incorrect login attempts"

Yes there are, and have been for a long time. But that is not relevant to this, two ways:

a) this isn't an attack on Windows or Unix logins, it's more for badly implemented web sites; and

b) it's an off-line attack, so there's no need to make repeated guesses at the target site -- once you've looked up the hash in the rainbow table, you know the password and can simply log in.


Link to this comment: http://www.securityfocus.com/comments/articles/11355/32718#32718
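
The storage-side consequence of the comment above, as an added example that is not part of the original comment or the article: an unsalted scheme stores the same value for every account with the same password, while a per-account salt makes every record unique, and an audit of the credential store can detect the difference. The function names and sample accounts are constructed; MD5 stands in for any unsalted hash and PBKDF2-HMAC-SHA256 is an assumed choice of salted scheme.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; alice and bob picked the same password.
ACCOUNTS = {"alice": "winter2005", "bob": "winter2005", "carol": "tr0ub4dor"}

def unsalted_record(password):
    # Same password gives the same value for every user and every site,
    # which is what lets one precomputed table serve all of them.
    return hashlib.md5(password.encode()).hexdigest()

def salted_record(password, salt=None):
    # A per-account random salt makes each stored value unique, so a table
    # built in advance without the salt no longer matches anything.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()

def verify_salted(password, record):
    # Recompute with the stored salt and compare in constant time.
    salt_hex = record.split("$", 1)[0]
    expected = salted_record(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(expected, record)

def accounts_sharing_a_hash(store):
    # Audit check: identical stored values across accounts mean no per-user salt.
    groups = defaultdict(list)
    for user, record in store.items():
        groups[record].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def build_store(record_fn):
    # Build a {user: stored_record} table from the constructed accounts.
    return {user: record_fn(pw) for user, pw in ACCOUNTS.items()}

if __name__ == "__main__":
    print("unsalted:", accounts_sharing_a_hash(build_store(unsalted_record)))
    print("salted:  ", accounts_sharing_a_hash(build_store(salted_record)))
```

Account lockout plays no part in either result, since nothing here touches a login prompt; the difference lies entirely in how the records are stored.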
Gold at the end of rainbow cracking? 2005-11-11
Anonymous (1 replies)







 
