Collaborate Disseminate
I am using some frameworks that store salts inside databases. For example this article shows how Devise stores salt together with the user information. My question is why do people say that salts prevent rainbow table attacks? I make this … Continue reading Why people say that salt helps to prevent rainbow table attack?
I don’t understand this part of the Rainbow table attack.
In all my Google searches, it says that a hacker uses a rainbow table on password hashes.
But how does the hacker obtain the password hashes in the first place?
I have rephrased thi… Continue reading How does a ‘rainbow table’ hacker obtain password hashes in the first place?
How is Salting a password considered secure, when the idea of a rainbow table attack means that the hacker already has access to user password Database?
Since the Attacker already has access to the password database… he can just send the… Continue reading How is Salting a password considered secure, when the hacker already has access to user password Database? [closed]
Under what circumstances that a Rainbow Table attack is best used?
Continue reading When is it best to use a Rainbow Table attack? [duplicate]
I have been trying to work the last two questions out (20.3 and 20.4) but I have been unsuccessful.
20.2. Given a password that is 15 characters long where each character can be one of the 52 upper- and lower-case letters, 10 digits o… Continue reading rainbow table size and time to brute force [closed]
I researched password hashing and cracking and I have some misconceptions:
First rule of thumb to create a strong password is to use 10+ combination of digits/upper/lower/symbols to prevent brute force attacks.
Then the problem will be on… Continue reading Can you help me with some misconceptions about bcrypt and salting?
I’m currently undergoing a penetration testing certification, where I’m asked to :
Set up a fully-patched Windows 10 Pro VM (done)
Retrieve local password hashes from the SAM database using pwdump7
Crack these passwords using rainbow tab… Continue reading Why does pwdump7 retrieve LM hashes even though they’re disabled?
I’m taking a security course and I’m working on a project where I have to use password cracking tool. I’m using Rainbowcrack tool for password cracking to create Rainbow Tables but I get this error message when
I try to generate the table… Continue reading Problem Creating Rainbow Table
I see every now and then how hackers stole DB with emails and hashed passwords of millions of users from popular websites and sell it on the black market.
I assume that passwords were hashed with proper unique salt for each which makes ra… Continue reading Why people buy stolen databases with emails and hashed passwords of users? [duplicate]
Bruteforcing anything is lot time consuming. So if we are given a MD5 hash of any 10 digit number, it will take hours to find correct match.
But what if we make a pdf of all 10 digit number along with its hashes. So in short it will work… Continue reading Making a pdf file of all ten digit numbers and their MD5 hash