|  03-12-2025, 09:23 AM | #2641 | ||
| Grand Sorcerer            Posts: 5,832 Karma: 104935873 Join Date: Apr 2011 Device: pb360 | Quote: 
 Quote: 
 | ||
|   |   | 
|  03-12-2025, 09:47 AM | #2642 | 
| Custom User Title            Posts: 11,334 Karma: 79528341 Join Date: Oct 2018 Location: Canada Device: Kobo Libra H2O, formerly Aura HD | |
|   |   | 
|  03-12-2025, 10:04 AM | #2643 | ||
| Guru            Posts: 822 Karma: 11053908 Join Date: Oct 2016 Location: Somewhere in Time Device: Forma, iPad Mini | Quote: 
 Quote: 
 Longer is better than complicated against brute force attacks. That is, an attacker trying to break into your mobileread account via brute force against the web login interface would need to spend much more time trying to find "correct horse battery staple" than that troubadour mash. Effectively forever for the longer password vs. weeks to months to maybe years for the shorter one, modulo whatever anti-brute force mechanisms mobileread has. But a thing called rainbow tables exists. A rainbow table is a table of precomputed hashes of common passwords, dictionary words, and combinations. If an attacker can get a dump of the account database, they can apply a rainbow table to find matches and recover cleartext passwords in seconds. A variant of this is likely how attackers were able to partially compromise the LastPass account database a few years ago. Long story short: passwords suck. | ||
|   |   | 
|  03-12-2025, 10:05 AM | #2644 | |
| Guru            Posts: 822 Karma: 11053908 Join Date: Oct 2016 Location: Somewhere in Time Device: Forma, iPad Mini | Quote: | |
|   |   | 
|  03-12-2025, 10:45 AM | #2645 | 
| Still reading            Posts: 14,931 Karma: 110908135 Join Date: Jun 2017 Location: Ireland Device: All 4 Kinds: epub eink, Kindle, android eink, NxtPaper | 
			
			No, bad passwords and bad use of them suck. All the alternatives are worse in one way or another. An Alpha tabbed small address book easily manages more than 400 passwords. I duplicate non-critical passwords in the web browser, but Mozilla are arrogant idiots removing the Principal/main/"master" password on the mobile version of Firefox. Their faulty excuse is that the phone/tablet has a password. Moronic. So I don't store any passwords on my phones or tablets. Some browsers don't actually encrypt the stored passwords! Disable all form and financial "memory" on all browsers. Last edited by Quoth; 03-12-2025 at 10:51 AM. | 
|   |   | 
|  03-12-2025, 10:46 AM | #2646 | |
| Onyx-maniac            Posts: 4,115 Karma: 18764971 Join Date: Feb 2012 Device: Nook NST, Glow2, 3, 4, '21, Kobo Aura2, Poke3, Poke5, Go6 | Quote: 
 If you think that it's that easy could you please crack the root password for a NetGear LM1200 modem? This is the factory password, not a personal one. I really could use the answer. Code: root:$1$uH6tuGYf$bjaX370zwmzgNHP/YhrAQ/ I wrote my own password cracker and if the password is "root" or "password" it cracks it inside the blink of an eye. | |
|   |   | 
|  03-12-2025, 11:15 AM | #2647 | ||
| Guru            Posts: 822 Karma: 11053908 Join Date: Oct 2016 Location: Somewhere in Time Device: Forma, iPad Mini | Quote: 
 http://project-rainbowcrack.com/table.htm The largest MD5 hash table is only about 700GB. Most are smaller. Quote: 
 If that's not it then I'm afraid I can't help you at this time but you might find it in one of the tables linked above. | ||
|   |   | 
|  03-12-2025, 11:23 AM | #2648 | ||
| Somewhat clueless            Posts: 788 Karma: 11000001 Join Date: Nov 2008 Location: UK Device: Kindle Oasis | 
			
			Indeed, but I'm very careful.  If I get that wrong, at least I have only myself to blame.   Quote: 
 I'm happy to take that risk with things like my credit cards (where at least the damage is limited by their credit limit, and fraudulent card-not-present use has some protection). I'm not, however, willing to take that risk with, for example, my banking passwords. Quote: 
 | ||
|   |   | 
|  03-12-2025, 11:30 AM | #2649 | ||
| Guru            Posts: 822 Karma: 11053908 Join Date: Oct 2016 Location: Somewhere in Time Device: Forma, iPad Mini | Quote: 
 Quote: 
 | ||
|   |   | 
|  03-12-2025, 11:32 AM | #2650 | ||
| Somewhat clueless            Posts: 788 Karma: 11000001 Join Date: Nov 2008 Location: UK Device: Kindle Oasis | 
			
			It's very standard practice to protect against rainbow table attacks by salting the password hashes.  The attacker would then need a complete rainbow table for each possible salt value.  For a long enough salt, that becomes impractical. Quote: 
 Quote: 
 Last edited by jbjb; 03-12-2025 at 11:41 AM. | ||
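Added example (not part of any post in this thread): a Python sketch of the salting point made in post #2650 and the precomputed-table description in post #2643. It uses a plain hash-to-password dictionary as a simplified stand-in for a real rainbow table (no hash chains or reduction functions); the wordlist, function names and PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a precomputed password dictionary.
WORDLIST = ["password", "root", "letmein", "correct horse battery staple"]

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def build_lookup(words, salt=b""):
    """Precompute hash -> password for ONE salt value (empty salt = unsalted)."""
    return {md5_hex(salt + w.encode()): w for w in words}

def store_unsalted(password):
    return md5_hex(password.encode())

def store_salted(password, salt=None):
    """Return (salt, hash) using a fresh random 16-byte salt per account."""
    salt = os.urandom(16) if salt is None else salt
    return salt, md5_hex(salt + password.encode())

def store_pbkdf2(password, salt=None, iterations=600_000):
    """Salted AND deliberately slow: each guess costs `iterations` HMAC rounds."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify_pbkdf2(password, salt, iterations, expected):
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def demo():
    table = build_lookup(WORDLIST)            # built once, reusable on any unsalted dump
    unsalted = store_unsalted("letmein")
    salt_a, hash_a = store_salted("letmein")
    salt_b, hash_b = store_salted("letmein")  # same password, different account
    return {
        "unsalted_hit": table.get(unsalted),      # precomputed table works
        "salted_hit": table.get(hash_a),          # same table is useless
        "same_password_differs": hash_a != hash_b,
        # Salt forces a fresh table per account; a weak password still falls.
        "per_salt_table_hit": build_lookup(WORDLIST, salt_a).get(hash_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The last result shows what salting does not cover: a weak password is still found by rebuilding the table for that one salt, which is why stored passwords also need a slow function such as the PBKDF2 helper shown.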
|   |   | 
|  03-12-2025, 11:37 AM | #2651 | |
| Somewhat clueless            Posts: 788 Karma: 11000001 Join Date: Nov 2008 Location: UK Device: Kindle Oasis | Quote: 
 Not exactly "trivial". | |
|   |   | 
|  03-12-2025, 11:45 AM | #2652 | 
| Onyx-maniac            Posts: 4,115 Karma: 18764971 Join Date: Feb 2012 Device: Nook NST, Glow2, 3, 4, '21, Kobo Aura2, Poke3, Poke5, Go6 | |
|   |   | 
|  03-12-2025, 11:55 AM | #2653 | |
| Guru            Posts: 822 Karma: 11053908 Join Date: Oct 2016 Location: Somewhere in Time Device: Forma, iPad Mini | Quote: 
 It's all relative. You might not call it trivial, but I don't call it difficult. Getting the database ostensibly is the most difficult step. Once an attacker has that then it's just a matter of time until it's cracked. | |
|   |   | 
|  03-12-2025, 11:57 AM | #2654 | |
| Somewhat clueless            Posts: 788 Karma: 11000001 Join Date: Nov 2008 Location: UK Device: Kindle Oasis | Quote: 
 I'll have to think about whether the 128 bit hash of MD5 really limits the number of tables required. The 256 bit salt is added to the reduction-function-generated password at each stage of the hash chain, so even though there are only 2^128 possible hash values it still feels like the 2^256 tables would still be required. I'm not sure, though, to be honest, so I'll have to think about it. For algorithms that generate longer hashes, the 2^256 tables still apply, though, and in any case 2^128 700GB tables is still a bit beyond "trivial". | |
|   |   | 
|  03-12-2025, 12:03 PM | #2655 | ||
| Somewhat clueless            Posts: 788 Karma: 11000001 Join Date: Nov 2008 Location: UK Device: Kindle Oasis | Quote: 
 Quote: 
 | ||
|   |   | 