03-12-2025, 11:32 AM   #2650
jbjb
Somewhat clueless
Quote:
Originally Posted by ratinox
But a thing called rainbow tables exists.
It's very standard practice to protect against rainbow table attacks by salting the password hashes. The attacker would then need a complete rainbow table for each possible salt value. For a long enough salt, that becomes impractical.

Quote:
A rainbow table is a table of precomputed hashes of common passwords, dictionary words, and combinations.
There's much more to it than that. It's certainly not restricted to common passwords etc. - the table will yield the hashes of any password generated by the reduction function from any of the other hashes in each chain (and it doesn't actually store any hashes, just the first and last password in each chain).

Quote:
If an attacker can get a dump of the account database, they can apply a rainbow table to find matches and recover cleartext passwords in seconds.
Not if it's adequately salted.

Last edited by jbjb; 03-12-2025 at 11:41 AM.
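The chain structure and the effect of salting discussed in the post above, as an added example that is not part of the original post: a toy rainbow table that keeps only the first and last password of each chain, looked up once against an unsalted hash and once against a salted one. The 4-digit PIN space, chain length, reduction function, SHA-256 and the salt value are assumptions constructed for the demo.

```python
import hashlib

SPACE, CHAIN_LEN = 10_000, 40   # toy space: 4-digit PINs (constructed for the demo)

def H(pw: str, salt: bytes = b"") -> str:
    return hashlib.sha256(salt + pw.encode()).hexdigest()

def R(digest: str, col: int) -> str:
    """Reduction function: map a hash (plus column index) back to a candidate PIN."""
    return f"{(int(digest[:12], 16) + col) % SPACE:04d}"

def chain(start: str, col: int = 0):
    """Walk a chain from column `col`; return the (pw, hash) links and the endpoint."""
    links, pw = [], start
    for c in range(col, CHAIN_LEN):
        h = H(pw)                 # the table is precomputed for the UNSALTED hash
        links.append((pw, h))
        pw = R(h, c)
    return links, pw

def build_table(starts):
    """Keep only endpoint -> start passwords; no hashes are stored."""
    table = {}
    for s in starts:
        table.setdefault(chain(s)[1], []).append(s)
    return table

def lookup(table, target: str):
    """Assume the target sits in each column in turn, walk to the endpoint, replay hits."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        _, end = chain(R(target, col), col + 1)
        for start in table.get(end, []):
            for pw, h in chain(start)[0]:   # replay the chain to confirm the match
                if h == target:
                    return pw
    return None

def demo():
    table = build_table(f"{i:04d}" for i in range(0, SPACE, 10))
    victim = chain("0420")[0][25][0]        # a PIN from the middle of one stored chain
    salt = bytes.fromhex("9f1c6a0be4d27f3582a1c4e6907b3d15")  # constructed per-user salt
    return victim, lookup(table, H(victim)), lookup(table, H(victim, salt))

if __name__ == "__main__":
    print(demo())   # (victim PIN, PIN recovered from unsalted hash, None for salted hash)
```

The victim PIN was never a chain start or endpoint, yet the unsalted lookup recovers it; the same table returns nothing for the salted hash because every chain was computed without that salt.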