Displaying 2 results from an estimated 2 matches for "crackstat".
Did you mean:
checkstat
2015 Feb 04
0
Another Fedora decision
...the complexity
> requirements imposed by the installer are really worth much against
> the pre-hashed lists that would be used to match up the shadow
> contents.
Rainbow tables don?t help against salted hashes. Rainbow tables are for attacking *un*salted hashes, like NTLM used.
https://crackstation.net/hashing-security.htm
When the hashes are properly salted, the only option is brute force. All having /etc/shadow does for you is let you make billions of guesses per second instead of 5 guesses per minute, as you get with proper throttling on remote login avenues.
2015 Feb 04
5
Another Fedora decision
On Wed, Feb 4, 2015 at 4:55 PM, Warren Young <wyml at etr-usa.com> wrote:
>>>
>> There have been remotely exploitable vulnerabilities where an arbitrary file could be read
>
> CVEs, please?
>
> I?m aware of vulnerabilities that allow a remote read of arbitrary files that are readable by the exploited process?s user, but for such an exploit to work on /etc/shadow,