June 17, 2005

Rainbow cracking. Passwords are almost universally stored on computers in an irreversible hashed form. Traditionally the cracker has had to generate billions of passwords to match the hashes. But the falling cost of storage has outfoxed computation speed: just precompute it all in advance. What used to require weeks now just takes minutes.
  • Shut up I hack you!
  • Errr, Shut up I hash you! I am teh hash3r!
  • Q: What kind of cookies does Windows like? A: Hash brownies!
  • Be sure to eat the brownies, with some sugar, milk and tea.
  • What I've always been curious about is the hacking of website passwords. Is that just as simple as a program that generates a gazillion usernames and passwords? Why isn't it stopped by automatically refusing the multitudinous login attempts from that particular IP address?
  • This is cool. It's so simple that you'd think that it either didn't work or was thought of long ago (long ago in internet time). This is like retrohacking. StoryBored, that's why you can't directly brute force a website, or most machines for that matter. You're right, it IS a simple matter to recognize a brute force attack. This is why ATM machines keep your card if your password fails X number of times. Many machines have a default of 3 attempts before a lockout, depending on the application.
  • StoryBored, yes, that method is frequently detected/stopped. But some attacks can get a hash and take it off to the hacker's machine or can run a process on the target machine to do the compare. It doesn't try the brute force at the front door, it dups the key or it tests the key from somewhere inside and doesn't escalate itself until it has broken the key.
  • Just using md5 or whatever basic lossy hashing scheme is generally considered very, very basic security. The hardcore stuff uses public/private key encryption that's based on clock calculators and prime numbers that are hundreds of digits long. Major e-commerce sites aren't going to be satisfied with just using md5, but Kingdom of Loathing probably is. GUARD YOUR PASTAMANCER WITH YOUR LIFE.
  • No one better touch my Colander of Em-er'il!
  • Fuck you you goddamn son of a whore. Just delete my membership. Oh and let me tell you something you goddamn cowards---You fucking well better KEEP hiding behind distance and anonymity you chickenshit poltroons. You people are blithering, no-good, chickenshit cowards. Not one of you yellow bellies would dare approach me in person and interfere with me in this way. I goddamn dare you to come to me face to face this way. I fucking well dare you. FUCK YOU
  • Sorry guys, that wasn't me. My computer got hacked. Really.
  • OMG it's PsychoCyclist!! HE'S HACKED IN! /runs screaming from the room