On 2014-04-23 11:34, Ed Leafe wrote:
On Apr 23, 2014, at 10:30 AM, Rafael Copquin <[email protected]>
wrote:
What is a "rainbow table" ?
Sort of a reverse directory. If you take the most common things that
people use for passwords and hash them with basic techniques, you get
a table of values that you can then use to look up the original
password. Example: let's say you're totally lame and use 'password' as
your password. The MD5 hash would be
'5f4dcc3b5aa765d61d8327deb882cf99'
Now if someone gets access to the user info tables, and sees a user
whose hashed password is '5f4dcc3b5aa765d61d8327deb882cf99', you know
their original password.
Hence why you'd "salt" it by adding some extra string to the password
before saving it. Some on here have talked about random salts, but that
gives me a headache. How would you keep track of the random salt?
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
