Security Basics mailing list archives
Re: Fwd: Rainbow Tables
From: Michael Peppard <mpeppard () impole com>
Date: Tue, 06 Aug 2013 13:04:00 -0400
"Finally, given salt predominantly in use in modern password hash schemes, pen testing in realistic modern conditions, are rainbow tables still of value?"

The sole purpose of salt is to make rainbow tables extinct. It has no other value, as crackers have P(p+s) and P(s+p) brute force and dictionary algorithms that take salt into account.

BUT, no matter how long your password and salt, eventually someone will have a rainbow table for it, so a big salt is mandatory. Rainbow tables may or may not compete with dictionary attacks, but they blow away brute force attacks. Today p+s should be larger than 14, as rainbow tables of 14 including all special characters are available online for free. I suggest a much bigger salt, as the table size and memory requirements of huge rainbow tables are not out of the reach of a new home gaming computer. In other words, rainbow tables will always be a threat that has to be kept ahead of.

Due to backward compatibility issues, rainbow tables have high value against Windows machines and Windows servers, except the AD "local" cache, which can be salted.
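Added example, not part of the original post or thread: a toy rainbow table (hash chains with a per-column reduction function) illustrating the salt discussion in the message above. It recovers an unsalted hash from the precomputed table, finds nothing for a salted P(p+s) hash, and shows that salt-aware guessing against one record still works. The 4-digit PIN space, SHA-256, the table sizes, the reduction function and all names are assumptions chosen for illustration.

```python
import hashlib
import os

DIGITS, CHAIN_LEN, N_CHAINS = 4, 50, 400   # constructed toy sizes
SPACE = 10 ** DIGITS                        # password space: 4-digit PINs

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def reduce_(digest: bytes, col: int) -> str:
    """Map a digest back into the password space; varies per column."""
    n = (int.from_bytes(digest[:8], "big") + col) % SPACE
    return f"{n:0{DIGITS}d}"

def walk(digest: bytes, col: int) -> str:
    """Follow a chain from a digest at column `col` to the chain's endpoint."""
    for c in range(col, CHAIN_LEN - 1):
        digest = H(reduce_(digest, c).encode())
    return reduce_(digest, CHAIN_LEN - 1)

def build_table() -> dict:
    """Store only endpoint -> start points (the time/memory trade-off)."""
    table = {}
    for i in range(N_CHAINS):
        start = f"{i:0{DIGITS}d}"
        table.setdefault(walk(H(start.encode()), 0), []).append(start)
    return table

def lookup(table: dict, target: bytes):
    """Return p with H(p) == target if a stored chain contains it, else None."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        for start in table.get(walk(target, col), []):
            pw = start                      # rebuild the chain, reject false alarms
            for c in range(CHAIN_LEN):
                d = H(pw.encode())
                if d == target:
                    return pw
                pw = reduce_(d, c)
    return None

def guess_with_salt(salt: bytes, target: bytes):
    """Per-record search over H(p + s); no precomputed work is reused."""
    pins = (f"{n:0{DIGITS}d}" for n in range(SPACE))
    return next((p for p in pins if H(p.encode() + salt) == target), None)

if __name__ == "__main__":
    t, s = build_table(), os.urandom(16)    # s: random per-record salt
    print(lookup(t, H(b"0007")), lookup(t, H(b"0007" + s)), guess_with_salt(s, H(b"0007" + s)))
```

The table built here covers only H(p); covering H(p + s) for every possible 16-byte salt would need a separate table per salt value, which is the cost the salt imposes on precomputation.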