Re: MYsql 323 Hashes Cracking

[Gage Bystrom <themadichib0d () gmail com>]

On Dec 22, 2011 10:55 AM, <synja@synfulvisions.(something I
accidentally deleted and am too lazy to go figure it out, probably a
com)
> With the access that you already apparently have, you may want to look into alternate methods of credential 
> "discovery."

This absolutely. I can't remember how often I've laughed at people
when they couldn't crack a hash, but at the same time had write access
to the php script that collected the logins in the first place....

And that's only one out of many methods. Chances are if you are in a
position to worry about someone cracking your hashed there are bigger
things to worry about, which is fairly equivocal for an attacker.
Chances are if you're in a position to crack a hash, there are bigger
things to target.

But to answer the OPs question, unless you got a few terrabytes or
more to spare, than no its not worth it. Chances are unlikely that
anyone has rainbow tables in that range. And since calculating your
own rainbow table just for this event would be idiotic, you're
probably just better off tweaking your john options(patched to remove
the 8 length restriction) or whatever your favorite cracking tool that
can handle the algo. Also a Google check couldn't hurt, you may be
lucky and someone else already cracked that hash.
> ------Original Message------
> From: tarunkall () gmail com
> Sender: listbounce () securityfocus com
> To: security-basics () securityfocus com
> Subject: MYsql 323 Hashes Cracking
> Sent: Dec 22, 2011 13:34
>
> Hi,
> While testing i got the mysql 323 root's and few users hashes, but i am not able to crack them till yet, passwords 
> seems to complex,if the password is of length of around 12-16 having special character lower n upper alpha and numeri 
> are their any possibilities of it being cracked by Rainbow tables if i purchase them, please suggest tht till what 
> extent does rainbow tables could crack such passwords and will it be a worth full to purchase.
> please provide up with the Suggestions
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>
> Sent on the Sprint® Now Network from my BlackBerry®

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------