27.06.2013, 10:53
Surely no matter how you salt your passwords, they can be cracked using a rainbow table once you know the 'format'?
For example, going by Kreatyve's example:
Mike
'password'
Mipasswordke
In the table, the player's name and password hash are stored. If someone wants my password, all they have to do is make a rainbow table of 'Mi[?????]ke'. There's only one variable part. It's exactly the same as not having a salt at all.
How long exactly would it take to make a rainbow table anyway?
For example, going by Kreatyve's example:
Mike
'password'
Mipasswordke
In the table, the player's name and password hash are stored. If someone wants my password, all they have to do is make a rainbow table of 'Mi[?????]ke'. There's only one variable part. It's exactly the same as not having a salt at all.
How long exactly would it take to make a rainbow table anyway?