On Wed, Jun 3, 2009 at 1:04 AM, Roger Binns <rog...@rogerbinns.com> wrote:
> But wait, there is more.  If rows store the same password then they will
> have the same hash which means if either user sees the file they can
> compromise the other user.  In addition crackers have generated tables
> mapping all letter and number combinations for possible passwords up to
> a certain length and their hash values, called rainbow tables.  Yes this
> is a large amount of data - one rainbow table is a 64gb download.  But
> you can simply find a matching hash value and corresponding string that
> made it.  The defense against this attack is to add random data to the
> password before hashing it, aka salting.  You can store the salt in the
> clear.  That helps considerably against the rainbow table attack and
> also means that different rows having the same password will have a
> different hash due to the different salt.
>
>  http://www.codinghorror.com/blog/archives/000949.html
>  http://en.wikipedia.org/wiki/Rainbow_table

I often wondered about this, but never followed it up because of
laziness. Thanks for the clear explanation.


-- 
Puneet Kishor http://www.punkish.org/
Carbon Model http://carbonmodel.org/
Charter Member, Open Source Geospatial Foundation http://www.osgeo.org/
Science Commons Fellow, Geospatial Data http://sciencecommons.org
Nelson Institute, UW-Madison http://www.nelson.wisc.edu/
-----------------------------------------------------------------------
collaborate, communicate, compete
=======================================================================
Sent from Madison, WI, United States
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
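
The salting scheme described in the quoted message, as an added example that is not part of the original thread or written by either poster. The table layout, function names, and sample users are assumptions made for illustration, and the use of PBKDF2 (a deliberately slow hash) goes one step beyond the plain "salt, then hash" scheme the message describes.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed PBKDF2 work factor, not from the thread


def unsalted_hash(password: str) -> bytes:
    """Weak scheme from the message: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """Salted, slow hash: the salt is mixed in before hashing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    return db


def add_user(db: sqlite3.Connection, name: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per row, stored in the clear
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, salted_hash(password, salt)))


def check_password(db: sqlite3.Connection, name: str, password: str) -> bool:
    row = db.execute("SELECT salt, pwhash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Recompute with the row's own salt; compare in constant time.
    return hmac.compare_digest(salted_hash(password, salt), stored)


def stored_hashes(db: sqlite3.Connection) -> dict:
    return dict(db.execute("SELECT name, pwhash FROM users").fetchall())


if __name__ == "__main__":
    db = open_db()
    add_user(db, "alice", "hunter2")  # constructed sample users sharing a password
    add_user(db, "bob", "hunter2")
    hashes = stored_hashes(db)
    print("rows share a hash:", hashes["alice"] == hashes["bob"])
    print("alice login ok:", check_password(db, "alice", "hunter2"))
```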
