Quote:
Originally Posted by ratinox
Once they identify how the salts are generated they can use this to generate custom tables, which is orders of magnitude faster than brute force and doesn't require infinite storage.
It's still the same effort to build the custom table as it is to brute-force a single password - you still have to compute the hashes of all the possible passwords if you want the table to be complete.
Even for a short-ish (10 characters or so) password that takes a lot of compute, particularly if a deliberately compute-intensive hash algorithm (nested hashes, bcrypt etc.) is used.
The point of rainbow tables is that you only have to do that once to attack many passwords with the same hash - you still need to generate a separate table for each salt.
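Added example, not part of either post: a toy count of hash computations for the trade-off discussed above, using a plain lookup dictionary in place of a real rainbow table and a constructed 216-password keyspace. The names `build_table` and `recover`, the sample passwords and the salts are all made up for illustration.

```python
import hashlib
import itertools

# Constructed toy keyspace: 3-character passwords over a-f (6**3 = 216).
ALPHABET = "abcdef"
LENGTH = 3
KEYSPACE = ["".join(t) for t in itertools.product(ALPHABET, repeat=LENGTH)]

def digest(password, salt=b""):
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_table(salt=b""):
    """Precompute digest -> password for the whole keyspace under one salt."""
    return {digest(p, salt): p for p in KEYSPACE}

def recover(stored):
    """stored: list of (salt, digest). Returns (passwords, hashes_computed).

    A table is built once per distinct salt and reused for every record
    that shares it, so the work grows with the number of distinct salts.
    """
    tables, work, found = {}, 0, []
    for salt, d in stored:
        if salt not in tables:
            tables[salt] = build_table(salt)
            work += len(KEYSPACE)
        found.append(tables[salt].get(d))
    return found, work

# Constructed sample records.
PASSWORDS = ["abc", "fed", "cab", "bad"]
UNSALTED = [(b"", digest(p)) for p in PASSWORDS]
SHARED_SALT = [(b"site-wide", digest(p, b"site-wide")) for p in PASSWORDS]
PER_USER = [(f"user{i}".encode(), digest(p, f"user{i}".encode()))
            for i, p in enumerate(PASSWORDS)]

if __name__ == "__main__":
    for name, records in [("unsalted", UNSALTED), ("shared salt", SHARED_SALT),
                          ("per-user salt", PER_USER)]:
        found, work = recover(records)
        print(f"{name:14} recovered={found} hashes computed={work}")
```

With four records, the unsalted and shared-salt cases cost one pass over the keyspace, while unique per-user salts cost one full pass per record, which is the same work as brute-forcing each record separately.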