People are obsessed with this attack from the 1970s, but in practice password cr... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tptacek on Nov 1, 2023 | parent | context | favorite | on: How Bear does analytics with CSS

People are obsessed with this attack from the 1970s, but in practice password cracking rigs just brute force the hashes, and that has been the practice since my career started in the 1990s and people used `crack`, into the 2000s and `jtr`, and today with `hashcat` or whatever it is the cool kids use now. "Rainbow tables" don't matter. If you're discussing the expense of attacking your scheme with or without rainbow tables, you've already lost.

jonahx on Nov 1, 2023 [–]

> If you're discussing the expense of attacking your scheme with or without rainbow tables, you've already lost.

Can you elaborate on this or link to some info elaborating what you mean? I'd like to learn about it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact