Windows passwords safe? - Rainbow Hash Cracking
To understand how rainbow tables work, you first have to understand how passwords are stored on computers, whether on your own desktop, or on a remote web server somewhere.
Passwords are never stored in plaintext. At least they shouldn't be, unless you're building the world's most insecure system using the world's most naïve programmers. Instead, passwords are stored as the output of a hash function. Hashes are one-way operations. Even if an attacker gained access to the hashed version of your password, it's not possible to reconstitute the password from the hash value alone.
But it is possible to attack the hashed value of your password using rainbow tables: enormous tables of pre-computed hash values for every possible combination of characters. An attacking PC could certainly calculate all these hashes on the fly, but taking advantage of a massive table of pre-computed hash values enables the attack to proceed several orders of magnitude faster, assuming the attacking machine has enough RAM to store the entire table (or at least most of it) in memory. It's a classic time-memory tradeoff, exactly the sort of cheating shortcut you'd expect a black hat attacker to take.
Link:
http://www.codinghorror.com/blog/archives/000949.html
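
As an added illustration (not code from the linked article), the sketch below builds a full lookup table for a constructed toy keyspace and shows that it reverses an unsalted hash in one lookup but is useless against a per-user salted PBKDF2 hash. SHA-256, the keyspace, the iteration count and all function names are assumptions for the example, and the table is a plain hash-to-password dictionary rather than the chain structure a real rainbow table uses.

```python
import hashlib
import hmac
import itertools
import secrets
import string
from typing import Dict, Optional, Tuple

# Constructed toy keyspace: every lowercase password of length 1-3 (18,278 entries).
ALPHABET = string.ascii_lowercase
MAX_LEN = 3
ITERATIONS = 100_000  # assumed work factor for the example


def unsalted_hash(password: str) -> str:
    """Fast, unsalted hash; SHA-256 stands in for whatever the system uses."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table() -> Dict[str, str]:
    """Pay the hashing cost once, up front: map hash -> password for the keyspace."""
    table = {}
    for n in range(1, MAX_LEN + 1):
        for chars in itertools.product(ALPHABET, repeat=n):
            pw = "".join(chars)
            table[unsalted_hash(pw)] = pw
    return table


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest.hex()


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Legitimate login check: recompute with the stored salt, constant-time compare."""
    return hmac.compare_digest(salted_hash(password, salt)[1], stored)


TABLE = build_table()

if __name__ == "__main__":
    leaked = unsalted_hash("cat")
    print("unsalted hash in table:", TABLE.get(leaked))   # one dictionary lookup
    salt, stored = salted_hash("cat")
    print("salted hash in table:  ", TABLE.get(stored))   # table no longer applies
    print("login still verifies:  ", verify("cat", salt, stored))
```

Because the salt differs per account, a table would have to be rebuilt for every salt value, which removes the benefit of precomputation.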





2 Comments:
I saw that, too...really freaked me out!!
By sarahintampa, at 8:15 PM EST
Shows that people need to start getting away from passwords and start using pass phrases. Not only are they much more secure, they are easier to remember.
By Veign, at 8:41 PM EST