[Chicago-talk] Password strength

John Kristoff jtk at depaul.edu
Fri Aug 7 10:52:48 PDT 2015


On Fri, Aug 07, 2015 at 05:35:38PM +0000, Joel Limardo wrote:
> MD5 hash 'reversal' appears to be done using some kind of dictionary
> file (see http://www.perlmonks.org/?node_id=727370) which is defeated
> by using the *combination* of numbers and characters as I recommended.

Not necessarily.  Dictionaries aren't necessarily just word lists.  They
can contain all sorts of things.  There are many large "password
dictionaries" floating about.  There are also "rainbow tables", which
are precomputed hashes of potential passwords.  You might be surprised
what is in some dictionaries and rainbow tables, seemingly otherwise
very complex-looking passwords.

This appears to be a good write up of how to do salted password hashing:

  <https://crackstation.net/hashing-security.htm>

John
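
Added example, not part of the original message: a Python sketch of why a letters-plus-digits password stored as unsalted MD5 still falls to a precomputed table, next to per-user salted PBKDF2 hashing. It uses a plain hash-to-password lookup table rather than a true chained rainbow table; the dictionary entries, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample "password dictionary": not plain words, but entries
# that already combine letters and digits.
DICTIONARY = ["password1", "Summer2015", "qwerty123", "P4ssw0rd", "letmein99"]


def md5_hex(password):
    """Unsalted MD5: the same password always yields the same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(candidates):
    """Precompute hash -> password once; valid against every unsalted store."""
    return {md5_hex(p): p for p in candidates}


def hash_salted(password, salt=None, iterations=100_000):
    """Random per-user salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_salted(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, _, digest = hash_salted(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


def demo():
    table = build_lookup(DICTIONARY)
    stored_md5 = md5_hex("P4ssw0rd")    # what an unsalted MD5 store would hold
    recovered = table.get(stored_md5)   # a single lookup, no per-hash work
    first = hash_salted("P4ssw0rd")
    second = hash_salted("P4ssw0rd")
    # Same password, different salts: the stored digests differ, so one
    # precomputed table cannot cover both records.
    digests_differ = first[2] != second[2]
    return recovered, digests_differ, verify_salted("P4ssw0rd", *first)


if __name__ == "__main__":
    print(demo())
```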

