Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
iwwr
on Feb 25, 2011
|
parent
|
context
|
favorite
| on:
Anonymous vs. HBGary: the aftermath
Salts won't give you that much greater security these days. Password-cracking GPGPU hardware is already well into the consumer domain. Using a pair of AMD's HD 5970, you can get cranking to just over 1bn SHA256 hashes/s.
MichaelGG
on Feb 25, 2011
[–]
Doesn't salting and iterative hashing pretty much stop rainbow tables? Didn't they find the passwords via a rainbow table?
iwwr
on Feb 25, 2011
|
parent
[–]
Yes, they stop rainbow tables, but not GPGPU crunchers like the HD 5970. Moore's law is catching up rather fast at the moment.
stcredzero
on Feb 25, 2011
|
root
|
parent
[–]
You can still maximize the time and expense of an attack with salts and rainbow tables. (and bcrypt)
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
