Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,072
    Thanks
    26
    Thanked 0 Times in 0 Posts

    Security and "Rainbow Tables"

    Can someone help me get a better understanding of how a hacker would use a "Rainbow Table" to more effectively attack my website?

    First off, a Rainbow Table is just something like this, right?
    Code:
    Password	Hashed Password
    12345		90217633
    password	78019345
    LetMeIn		25334109
    qwerty		88012542

    Debbie

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    A hacker will try to find matching hashes in the database which will then allow then to attempt to calculate and find various letters in the password. The more of these they can establish the worse your chances.

    To counter this, we use what is called salt - a random string added on to the password so that if 4 or 5 users use the same password, it will still be different creating a unique hash in the database. You can store each users salt in the password with the rest of their account details.

    You can also use vinegar too - another string which is applied to the password which is hard coded into the php script. I personally use salt and vinegar in my own code but you can just use salt and be done with it.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •