Podcast for 18 November 2013

Started by MrBogosity, November 17, 2013, 04:05:33 PM

[mp3]http://podcast.bogosity.tv/mp3s/BogosityPodcast-2013-11-18.mp3[/mp3]


Co-Hosts: Jonathan Loesche and Jakob Morris (AnCapBrony) https://twitter.com/AnCapBrony

Follow-up: Password Security
News of the Bogus:
24:43 - Biggest Bogon Emitter: Barack Obama http://dailycaller.com/2013/11/05/obama-denies-you-can-keep-it-videotaped-promises/?sc=1850820228461930801
29:36 - Idiot Extraordinaire: Faith Salie http://www.cbsnews.com/8301-3445_162-57563689/

This Week's Quote: "Politics is an extension of war by other means...Once you know which side you're on, you must support all arguments of that side, and attack all arguments that appear to favor the enemy side...People who would be level-headed about evenhandedly weighing all sides of an issue in their professional life as scientists, can suddenly turn into slogan-chanting zombies when there's a Blue or Green position on an issue." —Eliezer Yudkowsky

Note: The Bogosity Podcast will be taking two weeks off for the Thanksgiving holidays. (All right, all right, and the Doctor Who 50th anniversary as well.) See you in December!

If you need a second co-host, give me a call and I'll be happy to do it again.
Avatar image by Darkworkrabbit on deviantart

If you check the history of password cracking, it turns out that older style UNIX systems (which often had maximum password lengths) have been in real trouble for at least 20 years.  Prior to password shadowing, everyone had to have access to the password file, so everyone had access to all the usernames, and all the password hashes and their salts.  If the maximum length was 8 characters (which was a real limit on many systems), storage got cheap enough about 20 years ago to store lookup tables of all possible passwords hashed with all possible salts on reasonably priced hardware.

Quote from: evensgrey on November 21, 2013, 09:35:37 AM
If you check the history of password cracking, it turns out that older style UNIX systems (which often had maximum password lengths) have been in real trouble for at least 20 years.  Prior to password shadowing, everyone had to have access to the password file, so everyone had access to all the usernames, and all the password hashes and their salts.  If the maximum length was 8 characters (which was a real limit on many systems), storage got cheap enough about 20 years ago to store lookup tables of all possible passwords hashed with all possible salts on reasonably priced hardware.

That was never the case on systems like Linux or BSD, which always had shadowing and also a greater number of salts. Linux Mint uses SHA512 out of the box (so probably Ubuntu does, too). You'd have to get superuser access to even BEGIN to crack them, in which case, it's all over.
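
The difference the two posts above discuss (hashes readable by every user versus shadowed, and how many salts a scheme allows) can be checked on a host by classifying the hash field of each account line. This is an added example, not part of the thread: the function names and all sample lines are constructed, the sample hashes are placeholders rather than real hashes, and the prefixes and salt lengths follow crypt(5).

```python
import re

B64 = "[./0-9A-Za-z]"
# crypt(5) prefixes -> (name, maximum salt length in characters)
MODULAR = {"1": ("md5crypt", 8), "5": ("sha256crypt", 16), "6": ("sha512crypt", 16)}

def classify(field):
    """Return (scheme, possible_salts) for the hash field of a passwd/shadow line."""
    if field == "x":
        return ("shadowed", 0)          # real hash lives in the shadow file
    if field == "" or field[0] in "!*":
        return ("locked-or-empty", 0)
    m = re.fullmatch(rf"\$(\w+)\$(?:rounds=\d+\$)?({B64}{{1,16}})\$.+", field)
    if m and m.group(1) in MODULAR:
        name, salt_len = MODULAR[m.group(1)]
        return (name, 64 ** salt_len)
    if re.fullmatch(rf"{B64}{{13}}", field):
        # Traditional DES crypt: 2-character salt, password truncated to 8 characters
        return ("descrypt", 64 ** 2)
    return ("unknown", 0)

def audit(passwd_text, shadow_text=""):
    """Return one finding per account that carries an actual password hash."""
    findings = []
    for source, text, world_readable in (("passwd", passwd_text, True),
                                         ("shadow", shadow_text, False)):
        for line in text.strip().splitlines():
            user, field = line.split(":")[:2]
            scheme, salts = classify(field)
            if scheme in ("shadowed", "locked-or-empty"):
                continue
            findings.append({"user": user, "file": source, "scheme": scheme,
                             "salts": salts, "exposed_to_all_users": world_readable})
    return findings

# Constructed sample: pre-shadowing layout, DES hash stored in the world-readable file
OLD_PASSWD = "root:abCONSTRUCTED:0:0:root:/:/bin/sh"
# Constructed sample: shadowed layout with a SHA-512 entry ($6$ prefix)
NEW_PASSWD = "alice:x:1000:1000::/home/alice:/bin/bash"
NEW_SHADOW = "alice:$6$constructedsalt$" + "A" * 86 + ":16027:0:99999:7:::"

if __name__ == "__main__":
    for finding in audit(OLD_PASSWD) + audit(NEW_PASSWD, NEW_SHADOW):
        print(finding)
```

Any finding with `exposed_to_all_users` set to true, or with scheme `descrypt`, is an account to migrate to a shadowed, modern hash.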