On Wed, Jul 24, 2013 at 12:48 AM, Jim Henderson
On Tue, 23 Jul 2013 23:14:32 -0400, Greg Freemyer wrote:
If people use a relatively short password, a rainbow attack is not significantly slowed down by strong encryption, no matter how strong it is.
It is if you salt the password, which eDirectory has done for years.
Rainbow tables are rendered completely useless by salting the password with an effective algorithm.
Jim, I should know the answer to this, but if that is true why can so many systems be attacked via rainbow tables? My multiple choice answers (guesses): - They didn't setup a salt value at all - Often in mass produced software like MS Windows, a single salt value is used for the entire install base, so the bad guys can build a rainbow table on one box, but use it millions of places. - Other Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org