Comments on: MD5, ‘rainbow tables’ and security http://the-stickman.com/web-development/md5-rainbow-tables-and-security/ Random developer notes Wed, 03 Aug 2011 09:35:01 +0000 hourly 1 http://wordpress.org/?v=3.2 By: Technology Made Simple http://the-stickman.com/web-development/md5-rainbow-tables-and-security/comment-page-1/#comment-979 Technology Made Simple Sat, 01 Mar 2008 06:15:20 +0000 http://the-stickman.com/web-development/md5-rainbow-tables-and-security/#comment-979 Rainbow tables work great, unless the suggestion mentioned in the provided link is implemented, but how many developers think like that? I know for a fact Wordpress doesn't use this type of security, and it's one of the most popular blogging platforms on the 'net. Thanks for sharing the link, but until the method becomes common practice, I'll continue building rainbow tables. It's fun. -Guy P. www.nullamatix.com Rainbow tables work great, unless the suggestion mentioned in the provided link is implemented, but how many developers think like that? I know for a fact WordPress doesn’t use this type of security, and it’s one of the most popular blogging platforms on the ‘net.

Thanks for sharing the link, but until the method becomes common practice, I’ll continue building rainbow tables. It’s fun.

-Guy P.
http://www.nullamatix.com

]]> By: Stickman http://the-stickman.com/web-development/md5-rainbow-tables-and-security/comment-page-1/#comment-977 Stickman Wed, 26 Sep 2007 07:46:17 +0000 http://the-stickman.com/web-development/md5-rainbow-tables-and-security/#comment-977 From what I understand, salting the password is useful even if the database <i>is</i> compromised. For example, even if you use the same hash for all your passwords, and the attacker knows the salt, then they still need to generate a rainbow table specifically for that salt plus every possible password combination -- i.e. a standard rainbow table won't be valid. If you use a random salt for every row in the database, and the attacker has access to that salt value for each row, they will have to generate an entire rainbow table for <i>each password</i>, which would be an astronomical amount of work. From what I understand, salting the password is useful even if the database is compromised.

For example, even if you use the same hash for all your passwords, and the attacker knows the salt, then they still need to generate a rainbow table specifically for that salt plus every possible password combination — i.e. a standard rainbow table won’t be valid.

If you use a random salt for every row in the database, and the attacker has access to that salt value for each row, they will have to generate an entire rainbow table for each password, which would be an astronomical amount of work.

]]> By: Eli http://the-stickman.com/web-development/md5-rainbow-tables-and-security/comment-page-1/#comment-976 Eli Tue, 25 Sep 2007 23:35:03 +0000 http://the-stickman.com/web-development/md5-rainbow-tables-and-security/#comment-976 This is pretty nifty stuff. Salting a hash is a great way to secure passwords against an attacker who doesn't have access to your database :) This is pretty nifty stuff. Salting a hash is a great way to secure passwords against an attacker who doesn’t have access to your database :)

]]>