They probably performed an SQL injection query and retrieved your database password hashes - then they most likely used a Dictionary crack program with Rainbow tables.
Making your password 'longer' won't necessarily help - some of the most complex passwords are cracked in seconds using Rainbow Tables (something longer than 16 characters would do well though). Rainbow Tables are pre-compiled combinations of characters; Rainbow Tables generally have up towards 4 million (or more) possible hashes, generally for the really popular hashing algorithms such as MD5 and SHA1.
The fix for anti-cracking would be using a hashing algorithm that produces a MUCH larger hash (like SHA512 or larger, instead of MD5 or SHA1).
SQL injections are VERY easy to do - even with commercial products, because most developers are very ignorant about their programming (PHP is a lax language and does very poorly in securing code).
I would invest heavily in becoming a proficient programmer if I were you.
__________________
"Speak your mind, even if your voice trembles."
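
As an added example (not part of the original post), the Python code below shows the precomputed-table lookup described above against an unsalted MD5 hash, next to a per-user salted, iterated hash for which one shared table no longer applies. PBKDF2-HMAC-SHA256 is a technique chosen for this example and is not named in the post; the word list, function names and storage format are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed (rainbow) table.
COMMON_PASSWORDS = ["password", "letmein", "qwerty123", "Summer2024!"]
PRECOMPUTED = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def lookup_unsalted(md5_hex):
    """A leaked unsalted hash is reversed by a single table lookup."""
    return PRECOMPUTED.get(md5_hex)


def hash_password(password, salt=None, iterations=600_000):
    """Store scheme$iterations$salt$digest; the salt is unique per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    leaked = hashlib.md5(b"letmein").hexdigest()
    print("unsalted MD5 lookup:", lookup_unsalted(leaked))

    # Same password, two users: different salts give unrelated records,
    # so a table built once cannot be reused across accounts.
    rec_a = hash_password("letmein")
    rec_b = hash_password("letmein")
    print("records differ:", rec_a != rec_b)
    print("verifies:", verify_password("letmein", rec_a))
```

The iteration count makes every guess cost that many hash computations, and the random salt means any table would have to be rebuilt for each account separately.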