Monday, September 17, 2007

Rainbow table attacks

There's a lot of chat on the ether about Rainbow table cracking.

What is this? Essentially it's a huge text file of precomputed hashes for every (or a LOT) combination of characters.

eg Fgpyyih804423 can be cracked in 160 seconds! :)

Of course, this takes space. From 400MB to 8.7G. That doesn't sound a lot nowadays does it? that why people are starting to get concerned.

It takes a lot of time to generate these, but once they are out there... and you can download them and not to take the compute hit... hmmm..

Now is the time to start thinking about how you are storing your passwords. Your an idiot (yes you are) if it's plaintext in the dbase. Using a salt is very important and can minize the effectiveness of these type of attack. Using MD5 as a hashing algorithm isn't that great as its fast. Fast helps the cracker.. Blowfish is preferable.

Anyways.. heres a link explaining the attack and another very interesting one from a security bloke.

No comments: