security - My friend hashes passwords with SHA512 algorithm without salt. How do I convince him that he needs to add salt? -

security - My friend hashes passwords with SHA512 algorithm without salt. How do I convince him that he needs to add salt? -

today discovered incredibly stupid - friend hashes user passwords sha512 algorithm without salt. raised issue him said wants see crack single password in database. told him without hash database vulnerable rainbow attack said no 1 had big rainbow table sha512 each has 64 hex characters long.

how convince him still needs add together salt? know hash cracking rate of sha512 is? argue take much or much time crack 8 char passwords, etc.

ask friend if he's got of next hashes in database:

b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 bc547750b92797f955b36112cc9bdd5cddf7d0862151d03a167ada8995aa24a9ad24610b36a68bc02da24141ee51670aea13ed6469099a4453f335cb239db5da adfb6dd1ab1238afc37acd8ca24c1279f8d46f61907dd842faab35b0cc41c6e8ad84cbdbef4964b8334c22c4985c2387d53bc47e6c3d0940ac962f521a127d9f 3c9909afec25354d551dae21590bb26e38d53f2173b8d3dc3eee4c047e7ab1c1eb8b85103e3be7ba613b31bb5c9c36214dc9f14a42fd7a2fdb84856bca5c44c2 d404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db 3627909a29c31381a071ec27f7c9ca97726182aed29a7ddd2e54353322cfb30abb9e3a6df2ac2c20fe23436311d678564d0c8d305930575f60e2d3d048184d79 ba3253876aed6bc22d4a6ff53d8406c6ad864195ed144ab5c87621b6c233b548baeae6956df346ec8c17f5ea10f35ee3cbc514797ed7ddd3145464e2a0bab413 ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f c70b5dd9ebfb6f51d09d4132b7170c9d20750a7852f00680f65658f0310e810056e6763c34c9a00b0e940076f54495c169fc2302cceb312039271c43469507dc 0dd3e512642c97ca3f747f9a76e374fbda73f9292823c0313be9d78add7cdd8f72235af0c553dd26797e78e1854edee0ae002f8aba074b066dfce1af114e32f8 401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429080fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1 9719a6439375c9115e01dceda86e210e5f2d78a6cf3f4872997746832c4c0f58c5ae0923fabe5acfb923dfc94a117a7d444e453622912dfa193fc6636581f159

in case you're wondering, sha-512 hashes password, password1, letmein, 123, 1234, 12345, 123456, abc, abc123, qwerty, asdf , swordfish respectively. can find more candidates, if want.

then have friend read precomputed dictionary attacks , rainbow tables.

security hash passwords sha512