Security Basics
Fwd: Rainbow Tables Aug 02 2013 06:36AM
Syn Ack (synackackack gmail com) (1 replies)
Re: Fwd: Rainbow Tables Aug 06 2013 05:04PM
Michael Peppard (mpeppard impole com) (1 replies)
"Finally, given salt predominantly in use in modern password hash
schemes, pen testing in realistic modern conditions, are rainbow
tables still of value?"

The sole purpose of salt is to make rainbow tables extinct. It has no
other value as crackers have P(p+s) and P(s+p) brute force and
dictionary algorithms that take salt into account. BUT, no matter how
long your password and salt, eventually someone will have a rainbow
table for it, so a big salt is mandatory. Rainbow tables may or may not
compete with dictionary attacks, but they blow away brute force attacks.
Today p+s should be larger than 14 as rainbow tables of 14 including all
special characters are available online for free. I suggest a much
bigger salt as the table size and memory requirements of huge rainbow
tables are not out of the reach of a new home gaming computer.

In other words, rainbow tables will always be a threat that has to be
kept ahead of.

Due to backward compatibility issues, rainbow tables have high value
against Windows machines and Windows servers, except the AD "local"
cache, which can be salted.


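Added illustration of the salting point discussed in this thread (not code from any poster): it stores the same constructed accounts unsalted and with a per-user random salt, then checks which stored hashes a table precomputed over unsalted hashes can still resolve. The account names, candidate list, 16-byte salt size and the use of plain SHA-256 (chosen only to isolate the salt's effect; a deployed store would feed the salt to a slow KDF such as PBKDF2 or bcrypt) are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small candidate list standing in for the
# password space a precomputed table covers, and three made-up accounts.
CANDIDATES = ["letmein", "Summer2013!", "password1", "qwerty"]
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "Summer2013!"}


def digest(password, salt=b""):
    """SHA-256 over salt||password; an empty salt gives the unsalted hash.
    Assumption: fast hash used only to isolate the effect of the salt."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_table(candidates):
    """Precompute unsalted hash -> password once. A plain dict stands in
    for a rainbow table, which trades lookup time for storage space."""
    return {digest(p): p for p in candidates}


def store(accounts, salted):
    """Return {user: (salt, hash)}; salted=True draws a fresh salt per user."""
    out = {}
    for user, pw in accounts.items():
        salt = os.urandom(16) if salted else b""
        out[user] = (salt, digest(pw, salt))
    return out


def exposed_to_table(db, table):
    """Users whose stored hash appears in the precomputed table."""
    return sorted(u for u, (_, h) in db.items() if h in table)


def verify(db, user, password):
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, h = db[user]
    return hmac.compare_digest(digest(password, salt), h)


if __name__ == "__main__":
    table = build_table(CANDIDATES)
    for salted in (False, True):
        db = store(ACCOUNTS, salted)
        print("salted" if salted else "unsalted",
              "-> resolved by table:", exposed_to_table(db, table))
```

In the unsalted store, alice and bob also share one hash value, so a single table entry covers both; with per-user salts their stored values differ even though the password is the same.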
Re: Fwd: Rainbow Tables Aug 06 2013 07:49PM
Jeffrey Walton (noloader gmail com) (1 replies)
RE: Fwd: Rainbow Tables Aug 07 2013 08:10AM
Nwadinobi, Edward (Edward Nwadinobi uk daiwacm com)


Copyright 2010, SecurityFocus