On 2017-03-27 23:49, Greg Freemyer wrote:
On Mon, Mar 27, 2017 at 5:26 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
You know about rainbow tables, right?
Yes. Not something in my realm, but I did read about them.
Very worth learning about.
Let's say you have the most crazy 10-char password in the world. No one in the universe has ever used it before.
But the bad guys have put together a rainbow table of "every password under the rainbow" with 10 chars or less.
They pull your "hashed' password out of word doc / pst and do a reverse look-up. Your password is now known.
Salt changes that. You'd need a rainbow table for each salt value (as I understand it). The trouble is MS didn't start salting hashed passwords until 10 years ago or so. (As I recall.)
Yes, /now/ I remember reading that. Not something I keep on RAM ;-) -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))