> So you can download a db of MD5 hashes of all 6
> character strings with a character space of A-Za-z0-9 for instance.

Usually you just buy a hard drive preloaded with the DB.  $300 to $1000 will 
get you the fruit of months/years of someone else's work-- a database or 
series of databases ranging from GBs to TBs.
I tried to create some rainbow tables of SHA-1 hashes once as an experiment. 
It was slow as heck, and I didn't get past 5 character alpha/numeric 
combinations before I already had 4 Gigs of data and it was growing 
exponentially.

A 20 character salt of special characters like Judah suggested will 
generally put the number of possible hashes into the stratosphere and 
effectively rule out brute force.

Social engineering is sadly MUCH easier.  Have you ever called up your ISP 
to have them reset an account password only to hang up and realize they 
didn't ask you a shred of verification information?
You can't overlook those kinds of weak links either when it comes to 
security.

~Brad 
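
Added example (not part of Brad's message): a small Python sketch of the two points above, how fast a precomputed MD5 table grows over A-Za-z0-9 and why a 20-character salt makes that table useless. The helper names, `SMALL_ALPHABET` and `CONSTRUCTED_SALT` are assumptions made up for this illustration, as is the salt-then-password layout.

```python
import hashlib
import itertools
import string

ALPHABET = string.ascii_letters + string.digits          # A-Za-z0-9, 62 symbols
SMALL_ALPHABET = string.ascii_lowercase + string.digits  # reduced set so the demo runs fast
CONSTRUCTED_SALT = "!@#$%^&*()_+-=[]{}<>"                # constructed 20-character sample salt

def keyspace(length, alphabet_size=len(ALPHABET)):
    """Number of candidate strings of exactly `length` characters."""
    return alphabet_size ** length

def raw_table_bytes(length, digest_size=16):
    """Bytes for a plain plaintext+MD5 lookup table (no rainbow-chain compression)."""
    return keyspace(length) * (length + digest_size)

def build_table(max_len, alphabet):
    """Precompute unsalted MD5 -> plaintext for every string up to max_len."""
    table = {}
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            word = "".join(chars)
            table[hashlib.md5(word.encode()).hexdigest()] = word
    return table

def stored_hash(password, salt=""):
    """Assumed storage scheme for this demo: MD5(salt + password)."""
    return hashlib.md5((salt + password).encode()).hexdigest()

if __name__ == "__main__":
    for n in range(4, 7):
        print(f"{n} chars: {keyspace(n):,} candidates, "
              f"~{raw_table_bytes(n) / 1e9:,.1f} GB uncompressed")

    table = build_table(3, SMALL_ALPHABET)
    unsalted = stored_hash("ab1")
    salted = stored_hash("ab1", CONSTRUCTED_SALT)
    print("unsalted lookup:", table.get(unsalted))  # recovered from the table
    print("salted lookup:  ", table.get(salted))    # None: table was built without the salt
```

The size figures are for an uncompressed lookup; real rainbow tables trade some of that storage for lookup time by storing hash chains, but the per-salt rebuild cost is the same.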


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317977