Jacob Albretsen wrote: > And thanks to rainbow tables, at the time of the publication (2009), > the book I'm reading claims all Windows OS passwords of 14 characters > or fewer are useless if the attacker can get a hold of your hash or > the hash file.
Any password shadow system, even on Unix/Linux, should be thought of as compromised if they have access to the password database. Who cares if your password is 300 characters long? You don't know what hardware or software the attacker has access to, nor do you know what sort of information he has that might reveal your password in an efficient manner. Rainbow tables are only used if the shadowed password file remains shadowed. Once it's in the open, rainbow tables are yesterdays news, and all bets are off. -- . O . O . O . . O O . . . O . . . O . O O O . O . O O . . O O O O . O . . O O O O . O O O
signature.asc
Description: OpenPGP digital signature
-------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
