search for: killtacknine

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >

...e on the internet says it's rather feasible if you want passwords cracked. Of course if the passwords are longer than, say, 8 characters, it becomes less feasible. My point wasn't to say that SHA512 is fully insecure, and adding rounds does make it less so as the expenses rack up. https://killtacknine.com/test-driving-google-cloud-gpus-with-hashcat/ It's not available on the graphics (puzzling), but if you look at the gist, it'll show that SHA512-CRYPT is cracked at 247.9 kH/s and MD5-CRYPT (salted MD5) at 17579.7 kH/s. As comparison, straight non-salted SHA512 goes at 1402.7 MH/s and M...