Palisade Magazine
 
Rainbow Cracking and Password Security

February 2006

Rainbow Cracking and Password Security

by Sam Varughese, CISSP, SCSA

Passwords are often stored hashed on the premise that significant time is required to brute force a hashed password. The value of password hashes, however, has been undermined by the Rainbow Cracking attack. Rainbow tables readily available today reduce the time required for cracking hashed passwords to minutes. This article presents this recent attack on password hashes.… more →

Assert Safely: How to use .Net's Assert wisely

by Sangita Pakala, GCIH

.NET’s Code Access Security is a powerful mechanism to ensure that your code is protected from malicious assemblies. In this article, we show you how to use a powerful feature of .NET securely: the assert security action.… more →

QuizQuiz: Quiz: Handling Secrets in .Net

Which of these is not a good strategy for handling secrets in .Net?

  1. Use SecureZeroMemory to clear secrets in the memory
  2. Use aspnet_setreg to encrypt passwords in the registry
  3. Use .Net’s isolated storage to store secrets safely

more →

Review: Software Security : Building Security In

by Gary McGraw

We discuss Gary McGraw’s excellent book on the philosophy of software security and how it is present in all stages of the software development lifecycle. A must read for software managers.… more →

On the blog recently

Past quizzes

  • Jul '04 : What is the cryptographic technique to use for transmitting passwords during authentication?
  • Feb '06 : Which of these is not a good strategy for handling secrets in .Net?
  • Sep '04 : How should I protect the session cookie in my web application from getting stolen?
  • Mar '07 : Which of the given options best describes an Anti-Phishing Measure?
  • Apr '05 : How can I prevent Cross Site Scripting attacks on my application?

Search this website

 Search website

Stay Informed

Want to know when the new issues are out? Just fill in your details, we will take care of notifying you when new issues are released:




Subscribe  Unsubscribe

Write to Us

All flowers, brickbats and suggestions are welcome. You can put in yours on the feedback page.

News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award