Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
Thread: Security and "Rainbow Tables"
01-30-2012, 10:50 PM #1
Security and "Rainbow Tables"
Can someone help me get a better understanding of how a hacker would use a "Rainbow Table" to more effectively attack my website?
First off, a Rainbow Table is just something like this, right?
Password Hashed Password 12345 90217633 password 78019345 LetMeIn 25334109 qwerty 88012542
01-30-2012, 11:09 PM #2
- Join Date
- Feb 2011
- Your Monitor
- Thanked 523 Times in 510 Posts
- Blog Entries
A hacker will try to find matching hashes in the database which will then allow then to attempt to calculate and find various letters in the password. The more of these they can establish the worse your chances.
To counter this, we use what is called salt - a random string added on to the password so that if 4 or 5 users use the same password, it will still be different creating a unique hash in the database. You can store each users salt in the password with the rest of their account details.
You can also use vinegar too - another string which is applied to the password which is hard coded into the php script. I personally use salt and vinegar in my own code but you can just use salt and be done with it.
See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/
Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!