Over the past two years, three security enthusiasts from the United States and Europe set a host of computers to the task of creating eleven enormous tables of data that can be used to look up common passwords. The tables--totaling 500GB--form the core data of a technique known as rainbow cracking, which uses vast dictionaries of data to let anyone reverse the process of creating hashes--the statistically unique codes that, among other duties, are used to obfuscate a user's password.

Last week, the trio went public with their service. Called RainbowCrack Online, the site allows anyone to pay a subscription fee and submit password hashes for cracking.

"Usually people think that a complex, but short, password is very secure, something like $FT%_3^," said Travis, one of the founders of RainbowCrack Online, who asked that his last name not be used. "However, you will find that our tables handle that password quite easily."

While security professionals have questioned whether a business can be created by offering access to rainbow tables, the endeavor does highlight the security weaknesses of password-only authentication. History has shown that password systems are eminently breakable.

The link for this article located at SecurityFocus is no longer available.