Just found an interesting article over on the Register: http://www.theregister.co.uk/2005/11/10/password_hashes/page2.html It's about a new online service that has built huge "rainbow" tables containing hashes and the associated passwords that generate those hashes for the most popular hashing algorithms. They talk about how most security systems were not implemented carefully enough, and so become easy to crack with rainbow tables. Now, someone correct me if I'm wrong, and this was even briefly mentioned in the article, but doesn't a good salt algorithm foil this? Acegi has the ability to salt hashes, so I guess the next question is, is Acegi's implementation good enough to thwart such easy cracking?
- Andy ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Home: http://acegisecurity.sourceforge.net Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer