On Tuesday, 2014-08-12 at 14:45 -0400, Greg Freemyer wrote:
> They match the stolen 1 million password hashes against the 100 million pre-calculated pairs and out pops 80 or 90% of the passwords.
> That process is called using rainbow tables to crack a password.

...

> Proper use of salt makes this much more complicated and I admit to not recalling the details of how salt plays into this.

The basic idea is like encoding your locally encrypted password list with another password, different on each machine (it is random). This way, they can not simply compare the hashed list of millions of more or less common passwords with your short list, because even if you use common passwords that are in that rainbow list, the hashes will not match. So it protects against rainbow table attacks :-)

-- 
Cheers,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
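
Added example, not part of the original message: a Python sketch of the point made in this thread, showing a precomputed hash list matching unsalted hashes but not salted ones. The password list, the function names and the use of PBKDF2 are assumptions of this example, and a plain dictionary stands in for the pre-calculated pairs (a real rainbow table stores the same mapping more compactly as hash chains).

```python
import hashlib
import hmac
import os

# Constructed sample data: common passwords someone could hash in advance.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "opensuse"]
ITERATIONS = 100_000  # assumption of this example, not a value from the thread


def unsalted_hash(password):
    """Same password always gives the same hash, on every machine."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_precomputed_table(candidates):
    """hash -> password map, computed once and reusable against any unsalted list."""
    return {unsalted_hash(p): p for p in candidates}


def store_salted(password, salt=None):
    """Return (salt, digest); the salt is random and different for every entry."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def lookup(table, stored_hashes):
    """Passwords recovered by simply matching stored hashes against the table."""
    return [table[h] for h in stored_hashes if h in table]


def demo():
    table = build_precomputed_table(COMMON_PASSWORDS)
    users = ["password", "letmein", "password"]  # constructed: two users share one
    unsalted_db = [unsalted_hash(p) for p in users]
    salted_db = [store_salted(p) for p in users]
    recovered_unsalted = lookup(table, unsalted_db)
    recovered_salted = lookup(table, [d.hex() for _, d in salted_db])
    # With salt, identical passwords no longer produce identical stored values.
    same_password_differs = salted_db[0][1] != salted_db[2][1]
    return recovered_unsalted, recovered_salted, same_password_differs


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the hash and is not secret; its job is to make one precomputed table useless against every entry, so each hash has to be attacked separately.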