Quote:
Originally Posted by cromag
Actually, passwords are stored in encrypted form in all modern systems. Now that the encrypted passwords are in files on third-party machines they can be subjected to "brute force" type decryption (comparing them against entries in an encrypted dictionary, for instance) without worrying about being locked out for excessive trials and errors.
It's an arms race.
I wouldn't really consider it brute force.
Usually, when the databases are copied, they compare the hashes against a rainbow table. A rainbow table is a giant database that basically has gone through and has a listing of every possible combination for a given encryption scheme. It sorts through it till it has a hash match, and then since the rainbow table has a listing of what the unencrypted value is, it just spits out the result.
Brute force is when you (or a program) go through and try each and every password while live. Big difference is you leave way more evidence behind with brute force, and it is much slower (has to wait for a response, workload isn't usually distributed, etc).
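An added example, not part of either post: the offline hash lookup discussed above, run against an unsalted store and then against a store that uses a per-user salt with PBKDF2, where the same precomputed table matches nothing. It uses a plain hash-to-plaintext dictionary as a stand-in for a rainbow table (which reaches the same lookup through a time-memory trade-off); the wordlist, user names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate wordlist and two user passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]
USERS = {"alice": "letmein", "bob": "correct horse battery staple"}

def unsalted(password: str) -> str:
    """Weak storage: one fast, unsalted SHA-256 per password."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Stronger storage: PBKDF2-HMAC-SHA256 with a per-user random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def build_table(words):
    """Precompute hash -> plaintext once; reusable against any unsalted dump."""
    return {unsalted(w): w for w in words}

def lookup(table, stored_hashes):
    """Return {user: plaintext} for every stored hash present in the table."""
    return {u: table[h] for u, h in stored_hashes.items() if h in table}

def verify(password: str, salt: bytes, stored: str) -> bool:
    """Login check for the salted scheme, using a constant-time comparison."""
    return hmac.compare_digest(salted(password, salt), stored)

def demo():
    table = build_table(WORDLIST)
    weak_db = {u: unsalted(p) for u, p in USERS.items()}
    salts = {u: os.urandom(16) for u in USERS}
    strong_db = {u: salted(p, salts[u]) for u, p in USERS.items()}
    return {
        # The dictionary word is recovered; the long passphrase is not listed.
        "weak_recovered": lookup(table, weak_db),
        # The salt changes every stored value, so the table has no matches.
        "strong_recovered": lookup(table, strong_db),
        "login_ok": verify("letmein", salts["alice"], strong_db["alice"]),
        "login_bad": verify("password", salts["alice"], strong_db["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```

The salt does not stop a guess-by-guess attack on one account's hash; it forces that work to be repeated per user, and the iteration count makes each guess expensive.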