4 Feb
2015
4 Feb
'15
11:36 p.m.
On Feb 4, 2015, at 4:14 PM, Les Mikesell lesmikesell@gmail.com wrote:
Not exactly - it just becomes a question of whether the complexity requirements imposed by the installer are really worth much against the pre-hashed lists that would be used to match up the shadow contents.
Rainbow tables don’t help against salted hashes. Rainbow tables are for attacking *un*salted hashes, like NTLM used.
https://crackstation.net/hashing-security.htm
When the hashes are properly salted, the only option is brute force. All having /etc/shadow does for you is let you make billions of guesses per second instead of 5 guesses per minute, as you get with proper throttling on remote login avenues.