Monday, May 23, 2011

Passwords (Rainbow Tables)

One last update, this time from Matthew Montgomery:
Not to be an AFE (another f-ing expert), but regarding rainbow tables:

Given how fast GPUs are, it's to the point where you might not even bother making rainbow tables— you can test all lowercase, alphanumeric passwords that're less than 7 characters in less than two seconds! We're reaching the limits of my knowledge here, but I'll try anyway: here's a table full of estimates for how long it takes for a given GPU to perform a bunch of different tasks. MD5 is the one you usually care about. A Radeon HD 6970 (~$400) can do 5.5 billion hashes per second. Salting alone isn't good enough anymore. has some more information. Not sure how easy it is to follow if you're not that technical, but it has some good information.
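To put numbers on the update above, here is an added example (not part of the original post or of Matthew's message) that works out the "less than two seconds" estimate and shows why a salt leaves it unchanged. PBKDF2, the iteration counts and the function names are assumptions chosen for illustration; only the 5.5 billion hashes per second figure comes from the post.

```python
import hashlib
import hmac
import os

GPU_MD5_RATE = 5.5e9  # hashes/second, the Radeon HD 6970 figure quoted in the post


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidate passwords of length 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def seconds_to_exhaust(candidates: int, rate: float, iterations: int = 1) -> float:
    """Worst-case time to try every candidate against ONE stored hash.

    No salt term appears: the salt is stored beside the hash, so it blocks
    precomputed (rainbow) tables but not a per-record exhaustive search.
    Assumption: one stretching iteration costs about one fast hash, which
    understates the real cost of PBKDF2-HMAC-SHA256.
    """
    return candidates * iterations / rate


def hash_salted_md5(password: str, salt: bytes) -> bytes:
    """Weak form: a single fast hash per guess, salted or not."""
    return hashlib.md5(salt + password.encode()).digest()


def hash_stretched(password: str, salt: bytes, iterations: int) -> bytes:
    """Salted and deliberately slow: every guess costs `iterations` rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify(password: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Constant-time comparison against the stored stretched hash."""
    return hmac.compare_digest(hash_stretched(password, salt, iterations), stored)


if __name__ == "__main__":
    space = keyspace(36, 6)  # a-z plus 0-9, fewer than 7 characters
    iters = 600_000          # constructed work factor, not from the post
    print(f"{space:,} candidates")
    print(f"salted MD5: {seconds_to_exhaust(space, GPU_MD5_RATE):.2f} s")
    days = seconds_to_exhaust(space, GPU_MD5_RATE, iters) / 86400
    print(f"stretched x{iters:,}: {days:.1f} days")
    salt = os.urandom(16)    # per-user random salt
    stored = hash_stretched("abc123", salt, 1000)
    print(verify("abc123", salt, 1000, stored), verify("abc124", salt, 1000, stored))
```

The same keyspace that falls in well under a second as salted MD5 takes days once every guess costs hundreds of thousands of iterations, and the per-user salt then multiplies that cost by the number of accounts.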

