On Tue, 23 Jul 2013 23:14:32 -0400, Greg Freemyer wrote:
> If people use a relatively short password, a rainbow attack is not significantly slowed down by strong encryption, no matter how strong it is.
It is if you salt the password, which eDirectory has done for years. Rainbow tables are rendered completely useless by salting the password with an effective algorithm.

There are a number of ways to apply salt to a cryptographic function. You could design, for example, a three-way hash that uses the username, password, and (say) the length of the username to generate a hash. I know some older systems do something similar to this to make the hashes less predictable. Others incorporate some sort of time element in (though I've not looked closely at how that actually works).

But longer passwords certainly are better for defending against brute force attacks.

There /are/ multiple ways to attack a cryptographic system - brute force, dictionary attacks, rainbow tables, and direct attacks on the cryptographic algorithms used are just a few.

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
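An added illustration of the salting point made in the message above; it is not part of the original e-mail and is not eDirectory's actual scheme. It assumes SHA-256 for the unsalted case and PBKDF2-HMAC-SHA256 for the salted one, and the wordlist, usernames and the `username_salt` helper are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a large precomputed table.
WORDLIST = ["password", "letmein", "qwerty", "opensuse"]

def unsalted(pw):
    return hashlib.sha256(pw.encode()).hexdigest()

# Built once, reusable against any database of unsalted SHA-256 hashes.
PRECOMPUTED = {unsalted(w): w for w in WORDLIST}

def table_lookup(hex_digest):
    """Return the password if the digest is in the precomputed table."""
    return PRECOMPUTED.get(hex_digest)

def username_salt(username):
    # Hypothetical salt built from the username and its length,
    # following the "three-way hash" idea sketched in the message.
    return f"{len(username)}:{username}".encode()

def salted_hash(pw, salt, iterations=100_000):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)

def new_record(username, pw, random_salt=True):
    # A random per-user salt is stored next to the hash; it is not secret.
    salt = os.urandom(16) if random_salt else username_salt(username)
    return {"user": username, "salt": salt, "hash": salted_hash(pw, salt)}

def verify(record, pw):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(record["hash"], salted_hash(pw, record["salt"]))

def demo():
    alice = new_record("alice", "letmein")
    bob = new_record("bob", "letmein")
    carol = new_record("carol", "letmein", random_salt=False)
    dave = new_record("dave", "letmein", random_salt=False)
    return {
        "unsalted_hit": table_lookup(unsalted("letmein")),
        "salted_hit": table_lookup(alice["hash"].hex()),
        "random_salt_same_hash": alice["hash"] == bob["hash"],
        "username_salt_same_hash": carol["hash"] == dave["hash"],
        "verify_ok": verify(alice, "letmein"),
        "verify_bad": verify(alice, "qwerty"),
    }
```

The same weak password still falls to a per-account dictionary or brute-force run, which is why the message's point about longer passwords holds alongside salting.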