Linked by Thom Holwerda on Mon 4th Jul 2011 21:43 UTC
Apple So, Anonymous, under the guise of its AntiSec campaign, has hacked an Apple server, got access to 27 administrator usernames and passwords, and put them on Pastebin. Is it time to panic? Is it time to point and laugh at Apple? Is it time to stop using iTunes? Not really - this is a small hack that will cause little to no damage.
Permalink for comment 479630
To read all comments associated with this story, please click here.
RE[6]: SHA1 hashed
by Soulbender on Tue 5th Jul 2011 21:41 UTC in reply to "RE[5]: SHA1 hashed"
Soulbender
Member since:
2005-08-18

A reverse hash index can be generated for plain password hashing (as evidenced by the link above). True/false?


Obviously true.

The salting doesn't add significantly to the complexity for forward hashing. True/false?


False. Salting significantly increases the time and complexity of creating the tables. See below.
If it didnt add anything significant it wouldn't be recommended practice.

A reverse hash index can be generated for salted passwords in the same way it can be generated for unsalted passwords.


True but you would need one rainbow table for each possible salt. The longer the salt, the more tables needed. This is why salting defeats rainbow tables in practice.

I looked it up, but it's a file encryption utility and I'm not really clear about exactly you wanted me to look at.


Oh right, there are more than one "bcrypt".
http://en.wikipedia.org/wiki/Bcrypt

Reply Parent Score: 2