Board Bitcoin Discussion
Re: DOWNLOAD LINK FOR MTGOX COMPROMISED ACCOUNTS CSV
by enmaku on 19/06/2011, 20:51:06 UTC
If they can't get the passwords because they're hashed, then... ummm, how did they do it?
So it's easy to crack hashed passwords, takes a few minutes per password
Incorrect. The amount of time it takes is related to the complexity of the password. "monkey" will be found in seconds, but something like "efweug#%_#Tsafwef24g" will take years.

Which is why we salt passwords before hashing them. It might take seconds to find "monkey" but it'll take ages to find "monkeyefweug#%_#Tsafwef24g" and the user doesn't have to remember that second part. Really if the database is compromised the salt is in there with the hash so it doesn't help much but it DOES at least make it so that two people using the same password won't both be compromised by simply compromising one of them. It also makes "rainbow tables" (giant tables of common passwords and what they hash to) ineffective.
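
The effect of salting described in the post above, as an added example that is not part of the original post: it stores the same constructed user list with and without a per-user salt and checks both against a precomputed table of common passwords. SHA-256, the 16-byte random salt, the user names and the word list are assumptions chosen for illustration, not the scheme used by the site under discussion.

```python
import hashlib
import os

# Constructed sample data: two users share a weak password, one has a strong one.
COMMON = ["123456", "password", "monkey", "letmein"]
USERS = {"alice": "monkey", "bob": "monkey", "carol": "efweug#%_#Tsafwef24g"}

def unsalted(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_lookup_table(words):
    """Precomputed hash -> password map, computed once and reusable on any unsalted dump."""
    return {unsalted(w): w for w in words}

def store_unsalted(users):
    return {u: unsalted(p) for u, p in users.items()}

def store_salted(users):
    """Each user gets a fresh random salt, stored next to the hash."""
    db = {}
    for user, password in users.items():
        salt = os.urandom(16)
        db[user] = (salt, salted(password, salt))
    return db

def table_hits(hashes, table):
    """Users whose stored hash appears in the precomputed table."""
    return sorted(u for u, h in hashes.items() if h in table)

def per_user_audit(salted_db, words):
    """With salts known, weak passwords still fall, but every user costs
    separate hash computations. Returns (weak users, hashes computed)."""
    weak, work = [], 0
    for user, (salt, stored) in salted_db.items():
        for w in words:
            work += 1
            if salted(w, salt) == stored:
                weak.append(user)
                break
    return sorted(weak), work

if __name__ == "__main__":
    table = build_lookup_table(COMMON)
    plain, sdb = store_unsalted(USERS), store_salted(USERS)
    print("unsalted, table hits:", table_hits(plain, table))
    print("salted, table hits:  ", table_hits({u: h for u, (_, h) in sdb.items()}, table))
    print("salted, per-user audit:", per_user_audit(sdb, COMMON))
```

The strong password survives in both layouts; what the salt changes is that the two "monkey" users no longer share a hash and the precomputed table matches nothing.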