
Yeah but isn't this method just a giant rainbow table whose source is crawlable web content?

>It would have been impossible to use a brute-force attack or even a combined dictionary to crack a phrase of that length. But because the phrase was contained in this Wikipedia article, it wound up in a word list that allowed Chrysanthou to crack the phrase in a matter of minutes.



No, a rainbow table is just a method to pre-compute hashes. Given that you can, for $500, buy a graphics card that can compute seven hundred million hashes a second, precomputation is not really of any value.

The attack described is to find potential passwords on the web or somewhere, compute the hash, see if it matches. Rainbow tables aren't any part of this process.


This most likely depends on the way you look at it (or rather how exactly he did it): did he take the word list, generate hashes from it and then check them against leaked hashes? Rainbow table.

If he took the word list to run login attempts against a server (or a local endpoint checking the leaked database), it's more of a dictionary attack.

Same result, different ways to get there. If you're able to run your cracker locally against a leaked db, it probably doesn't really matter.



