Sponsored link
Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Wordpress Cookie Authentication Vulnerability
Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 9:15 UTC (Tue) by Ross (subscriber, #4065)In reply to: Wordpress Cookie Authentication Vulnerability by lutchann
Parent article: Wordpress Cookie Authentication Vulnerability
It's true that any encrypted password can be attacked offline if you have the hash, but if the passwords were properly salted, it would be much more expensive to crack them because an attacker couldn't build a pre-encrypted dictionary.
(Log in to post comments)
Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 16:10 UTC (Tue) by drag (subscriber, #31333) [Link]
Ya.. Google around for 'Rainbow tables'. There are ones you can download for free and ones you can pay for. Just going out to pirate bay and doing a quick search I found downloads for MD5, SHA1, and NT Lan manager tables.
Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 18:21 UTC (Tue) by Los__D (subscriber, #15263) [Link]
The main purpose of salts is to combat things like rainbow tables.
Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 19:12 UTC (Tue) by jengelh (subscriber, #33263) [Link]
The main purpose of rainbow tables is to combat unsalted web apps ;-)