On Wed, 03 Feb 2010 23:02:20 +0100, Christian Sciberras said: > Actually dictionary attacks seem to work quite well, especially for common > users which typically use dictionary and/or well known passwords (such as > the infamous "password"). > Another idea which seems to be cropping in, is the use of hash tables with a > list of known passwords rather then dictionary approach. > Personally, the hash table one is quite successful, consider that it targets > password groups rather than a load of wild guesses. Correct - the point is those are *clever* ways to break an MD5 hash of a password, rather than a brute-force attack. They work in several days rather than several thousand times the age of the universe precisely because they're clever.
Attachment:
pgpu6OxXkGUdS.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/