Wednesday, November 9, 2005

Password Hash Dash

Rainbow Crack is a time/memory tradeoff tool that can break passwords given just the password hash. So, those people who still think that disclosing password hashes is not a big deal...

SANS documented and proved, using a modified version of Rainbow Crack, something that I have suspected for a while: that Oracle's proprietary password hashes are weak. There are so many good ways to do this that it's a wonder people still roll their own crypto these days. The SANS team is releasing an update to Rainbow Crack that can crack Oracle passwords.

