Re: How are you authenticating your applications?

  • From: Greg Rahn <greg@xxxxxxxxxxxxxxxxxx>
  • To: cicciuxdba@xxxxxxxxx
  • Date: Wed, 9 Mar 2011 15:03:02 -0800

On Wed, Mar 9, 2011 at 11:11 AM, Guillermo Alan Bort
<cicciuxdba@xxxxxxxxx> wrote:
>    We are working on providing the hashed password, so all the non-dbas get
> is a hash... but I don't know how strong the encryption really is... and
> I'd like to let my i7 have a go at cracking one and see how long it takes...
> still, a non-human-intervention approach would be appreciated :-)

I'm not sure what you mean by this but I would strongly suggest this
as a starting point:
http://codahale.com/how-to-safely-store-a-password/

BTW, an i7 is nothing... just spend a week or so to learn Nvidia CUDA,
rent a few dozen Amazon Web Services Cluster GPU instances and you
will be frightened to learn how many hundreds of billions of password
candidates (yes billions!) you can try in a few seconds.
All at the hands of anyone with an AWS account.  Makes you think at
least twice about password security.

-- 
Regards,
Greg Rahn
http://structureddata.org