Jim Lawrence
accessd at shaw.ca
Thu Aug 11 09:32:14 CDT 2011
Here is some info on Rainbow tables which are used in the algorithms in crack password hashes: http://en.wikipedia.org/wiki/Rainbow_table This method can crack a 12 character Access password in about 3 seconds using a standard desktop. After that resources and processing requirements starts going up exponentially. A 20 character password is supposed to be virtually uncrackable. If you are managing your own passwords or login: "Defense against rainbow tables A rainbow table is ineffective against one-way hashes that include salts. For example, consider a password hash that is generated using the following function (where "." is the concatenation operator): saltedhash(password) = hash(password.salt) Or saltedhash(password) = hash(hash(password).salt) The salt value is not secret and may be generated at random and stored with the password hash. A large salt value prevents precomputation attacks, including rainbow tables, by ensuring that each user's password is hashed uniquely. This means that two users with the same password will have different password hashes (assuming different salts are used). " If you want to play with Rainbow tables check the following out: http://www.freerainbowtables.com/ ...and here is the best 'free' demo for hacking against your old XP and Vista/Windows7 box: http://ophcrack.sourceforge.net/tables.php Jim -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Stuart McLachlan Sent: Wednesday, August 10, 2011 3:27 PM To: 'Off Topic'; 'Discussion of Hardware and Software issues' Subject: Re: [dba-Tech] [dba-OT] Cross post - Password security An interesting difference of opinion between the two. I go along with xkcd "aA4!aaaa" is no more secure that "aaaaaaaa" as long as there is the *potential* for the password to contain uppercase,digits and special characters. -- Stuart On 10 Aug 2011 at 22:37, Jon Tydda wrote: > That's what I posted on my wall that the GRC one was a reply to :-) > > > Jon > > -----Original Message----- > From: dba-ot-bounces at databaseadvisors.com > [mailto:dba-ot-bounces at databaseadvisors.com] On Behalf Of Stuart > McLachlan Sent: 10 August 2011 22:24 To: 'Off Topic'; 'Discussion of > Hardware and Software issues' Subject: Re: [dba-OT] [dba-Tech] Cross > post - Password security > > Talk about co-incidence. Today's xkcd: > > http://xkcd.com/936/ > > > > -- > Stuart > > On 10 Aug 2011 at 20:57, Jon Tydda wrote: > > > Hi all > > > > Someon'e just posted this on my wall on facebook, and it looks > > really interesting, thought I'd share it. > > > > https://www.grc.com/haystack.htm > > > > > > Jon > > _______________________________________________ > > dba-Tech mailing list > > dba-Tech at databaseadvisors.com > > http://databaseadvisors.com/mailman/listinfo/dba-tech > > Website: http://www.databaseadvisors.com > > > > > > _______________________________________________ > dba-OT mailing list > dba-OT at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-ot > Website: http://www.databaseadvisors.com > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com > _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com