Monday, May 23, 2011

Passwords (Rainbow Tables)

One last update, this time from Matthew Montgomery:
Not to be an AFE (another f-ing expert), but regarding rainbow tables:

Given how fast GPUs are, it's to the point where you might not even bother making rainbow tables: you can test all lowercase, alphanumeric passwords that are less than 7 characters in less than two seconds! We're reaching the limits of my knowledge here, but I'll try anyway: here's a table full of estimates for how long it takes for a given GPU to perform a bunch of different tasks. MD5 is the one you usually care about. A Radeon HD 6970 (~$400) can do 5.5 billion hashes per second. Salting alone isn't good enough anymore.

http://codahale.com/how-to-safely-store-a-password/ has some more information. Not sure how easy it is to follow if you're not that technical, but it has some good information.
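To put numbers on the point above, here is an added example (not from the post or its contributor) that sizes the lowercase-alphanumeric keyspace at the quoted 5.5 billion MD5/s, then measures on the local CPU how much more each guess costs against a deliberately slow hash (PBKDF2-HMAC-SHA256 from the standard library, standing in for the slow hashes the linked article argues for) than against salted MD5. The password "hunter2" and the 16-byte salts are constructed test values.

```python
import hashlib
import hmac
import os
import time

ALPHABET = 36  # lowercase letters plus digits, as in the note above

def keyspace_size(alphabet_size=ALPHABET, max_len=6):
    """Number of candidate passwords of length 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def brute_force_seconds(guesses_per_second, alphabet_size=ALPHABET, max_len=6):
    """Time to try every candidate at a given guess rate (no rainbow table needed)."""
    return keyspace_size(alphabet_size, max_len) / guesses_per_second

def salted_md5(password: str, salt: bytes) -> str:
    """Salt defeats precomputed tables, but one guess still costs one MD5."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def slow_hash(password: str, salt: bytes, iterations: int = 200_000) -> str:
    """PBKDF2-HMAC-SHA256: same salt, but each guess costs `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def verify_slow(password: str, salt: bytes, stored: str, iterations: int = 200_000) -> bool:
    """Constant-time comparison so verification does not leak digest prefixes."""
    return hmac.compare_digest(slow_hash(password, salt, iterations), stored)

def seconds_per_guess(fn, password: str, salt: bytes, rounds: int = 20) -> float:
    """Measure the cost of one guess for a hash function on this machine."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn(password, salt)
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    salt = os.urandom(16)  # constructed per-user salt
    fast = seconds_per_guess(salted_md5, "hunter2", salt)
    slow = seconds_per_guess(slow_hash, "hunter2", salt)
    print(f"GPU at 5.5e9 MD5/s exhausts the <7-char keyspace in "
          f"{brute_force_seconds(5.5e9):.2f} s")
    print(f"one guess: salted MD5 {fast:.2e} s, PBKDF2 {slow:.2e} s "
          f"(about {slow / fast:.0f}x more work per guess)")
```

The keyspace figure comes out at about 0.4 s, which matches the "less than two seconds" estimate; the per-guess ratio is what a slow hash buys a defender, since the attacker's GPU must pay it on every candidate.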
