db-derby-dev mailing list archives

From Dag.Wan...@Sun.COM (Dag H. Wanvik)
Subject Re: [jira] Commented: (DERBY-1387) Add JMX extensions to Derby
Date Fri, 17 Aug 2007 14:44:39 GMT
Daniel John Debrunner <djd@apache.org> writes:

> Could you explain how having the hash makes a dictionary attack easy?

Cf for example http://en.wikipedia.org/wiki/Dictionary_attack:
  However many systems store a hashed version of the password and make
  it available under certain circumstances, such as a
  challenge-response authentication exchange between two parties. If
  an attacker can obtain the hashed password, they can test guessed
  passwords rapidly, often at a rate of tens or hundreds of millions
  of guesses per second.
Derby's algorithm is known, so there is no need to call 


to check the guess.  The attack could proceed off-line.

Of course, the dba can get at the hash value anyway by digging into the database
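
Added example, not part of the original message and not Derby's code: it shows that once a stored hash and its algorithm are known, a guess can be checked with no call to the server, and measures how much a salted, iterated hash raises the cost of each guess. `fast_hash` (plain SHA-256) is an assumed stand-in for a fast, publicly known scheme, not Derby's actual algorithm; the wordlist and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
import time

# Constructed sample wordlist for a password-strength audit.
WORDLIST = ["password", "letmein", "derby123", "qwerty"]

def fast_hash(password):
    """Assumed stand-in for a fast, unsalted, publicly known scheme."""
    return hashlib.sha256(password.encode()).digest()

def slow_hash(password, salt, iterations=100_000):
    """Salted, iterated alternative: PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def audit_offline(stored, hash_fn, wordlist=WORDLIST):
    """Return the wordlist entry whose hash equals `stored`, or None.

    Only the stored hash and the algorithm are used; the server that
    owns the account is never contacted, so it cannot throttle or log."""
    for guess in wordlist:
        if hmac.compare_digest(hash_fn(guess), stored):
            return guess
    return None

def seconds_per_guess(hash_fn, rounds):
    """Average wall-clock cost of hashing one candidate."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn("guess%d" % i)
    return (time.perf_counter() - start) / rounds

def cost_ratio():
    """How many times more expensive one guess is under slow_hash."""
    salt = os.urandom(16)
    fast = seconds_per_guess(fast_hash, 20_000)
    slow = seconds_per_guess(lambda p: slow_hash(p, salt), 5)
    return slow / fast

if __name__ == "__main__":
    stored = fast_hash("derby123")  # constructed weak password
    print("weak password found offline:", audit_offline(stored, fast_hash))
    print("per-guess cost, slow vs fast: %.0fx" % cost_ratio())
```

A salt does not protect a password that is in the wordlist; it forces the work to be repeated per account, and the iteration count sets the price of each guess.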

