On August 13 2011 04:18 lostmage333 wrote:
Your 14 character long password with uppercase, lowercase, symbols, and numbers isn't anything that won't fail to a sufficiently large rainbow table attack within minutes. Sure, salting passwords makes them no stronger versus brute-force/dictionary attacks, but adding a 20 character salt makes it significantly stronger versus rainbow tables, unless a new set of rainbow tables is generated to target that specific salt, which takes a long, long time (but can be reused for extremely fast and efficient attacks on the whole database).
All the SHA algorithms are also vulnerable to rainbow table attacks.
It's funny how you call out people for not knowing basic cryptography, when you yourself don't know some of the most basic attack methods. I'm not claiming to be some expert, since I'm not, but I do know that you've stated some clearly incorrect statements.
That said, it's still sad that GOM stored passwords in plaintext. Just use this as an opportunity to understand the "do not reuse passwords" warning that many sites give. Hopefully it'll get resolved soon.
I'm familiar with rainbow tables, but being hacked by rainbow tables means that the password you chose is already in the table... RT is also a dictionary attack if I'm not mistaken, and if your password is SOCCER it's gonna be cracked within seconds, but if it's s0cc3rrrr8765 it's not gonna get hacked by a rainbow table.
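The precomputation-versus-salt behaviour discussed in this thread, as an added example that is not part of either post. It assumes SHA-256, a 16-byte random per-user salt and a small constructed wordlist, and uses a plain hash-to-password lookup table as a stand-in for a rainbow table (a real rainbow table stores the same precomputation in compressed chain form).

```python
import hashlib
import os

# Constructed wordlist: the passwords the precomputed table covers.
WORDLIST = ["soccer", "SOCCER", "password", "letmein", "qwerty"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_table(words, salt: bytes = b"") -> dict:
    """Precompute hash -> password for ONE fixed salt (empty = unsalted)."""
    return {sha256_hex(salt + w.encode()): w for w in words}


def make_record(password: str, salt_len: int = 16):
    """What a site would store: a fresh random salt and the salted hash."""
    salt = os.urandom(salt_len)
    return salt, sha256_hex(salt + password.encode())


def demo() -> dict:
    table = build_table(WORDLIST)  # built once, reusable on any unsalted dump

    # Unsalted hash of a password the table covers: instant lookup.
    unsalted_hit = table.get(sha256_hex(b"SOCCER"))

    # Same password stored with a per-user salt: the old table is useless.
    salt, salted_hash = make_record("SOCCER")
    salted_hit = table.get(salted_hash)

    # The salt is stored next to the hash, so a table can be rebuilt for it,
    # but that work covers this one record only, not the whole database.
    per_salt_hit = build_table(WORDLIST, salt).get(salted_hash)

    # Unsalted hash of a password outside the table's coverage: no hit.
    uncovered_hit = table.get(sha256_hex(b"s0cc3rrrr8765"))

    return {
        "unsalted_hit": unsalted_hit,
        "salted_hit": salted_hit,
        "per_salt_hit": per_salt_hit,
        "uncovered_hit": uncovered_hit,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```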