[eluser]Rick Jolly[/eluser]
[quote author="wowdezign" date="1263003348"]
...
If I understood him correctly, he's saying that it would be easy for an attacker to not use a rainbow table, but just test out dictionary + salt and check it against the hash value.
So if I run
Code:
// PHP concatenates strings with "." ("+" would add the operands as numbers)
if (md5($stored_salt . $dictionary_word) === $hashed_password) {
    // log dictionary word (the username)
}
That would yield results very quickly. The known element in this scenario is the dictionary word.[/quote]
Actually, I was suggesting creating a rainbow table first.
Code:
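// Map md5(salt . word) => word for every word in the dictionary
$rainbow_table = array();
for ($i = 0; $i < $dictionary_size; $i++)
{
    // "." is PHP's string concatenation operator
    $hash = md5($stored_salt . $dictionary_word[$i]);
    $rainbow_table[$hash] = $dictionary_word[$i];
}
// A stored hash that appears as a key came from a dictionary word
if (isset($rainbow_table[$hashed_database_password]))
{
    echo("got ya");
}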
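
An added example (not code from either poster) showing what the lookup table above implies for whoever stores the hashes: a table built for one known salt matches every account that shares that salt, and none when each account has its own random salt. The word list, accounts and salt values are constructed, and `build_table`, `store_accounts` and `count_matches` are hypothetical helper names.

```php
<?php
// Added example; the word list, accounts and salts below are constructed.
$dictionary = array('password', 'letmein', 'dragon', 'monkey');
$accounts = array('alice' => 'letmein', 'bob' => 'dragon', 'carol' => 'x9!Tq2#vLp');

// Build the hash => word table from the posts above for one known salt.
function build_table(array $dictionary, $salt)
{
    $table = array();
    foreach ($dictionary as $word) {
        $table[md5($salt . $word)] = $word;
    }
    return $table;
}

// Store md5(salt . password) per account; $salt_for returns that account's salt.
function store_accounts(array $accounts, callable $salt_for)
{
    $rows = array();
    foreach ($accounts as $user => $password) {
        $salt = $salt_for($user);
        $rows[$user] = array('salt' => $salt, 'hash' => md5($salt . $password));
    }
    return $rows;
}

// Count the stored hashes that a single precomputed table matches.
function count_matches(array $rows, array $table)
{
    $hits = 0;
    foreach ($rows as $row) {
        $hits += isset($table[$row['hash']]) ? 1 : 0;
    }
    return $hits;
}

$shared = 'site-wide-salt';
$scheme_a = store_accounts($accounts, function ($user) use ($shared) { return $shared; });
$scheme_b = store_accounts($accounts, function ($user) { return bin2hex(random_bytes(16)); });

$table = build_table($dictionary, $shared);
printf("shared salt:   %d of %d hashes match one table\n", count_matches($scheme_a, $table), count($accounts));
printf("per-user salt: %d of %d hashes match that table\n", count_matches($scheme_b, $table), count($accounts));

// password_hash() generates its own random salt per call and is deliberately slow.
$stored = password_hash('letmein', PASSWORD_DEFAULT);
var_dump(password_verify('letmein', $stored));
```

With per-account salts the table has to be rebuilt for every account, and a slow hash such as the one behind `password_hash()` raises the cost of each rebuild.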