Educause Security Discussion mailing list archives
Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online
From: John Duksta <John_Duksta () BROWN EDU>
Date: Thu, 10 Nov 2005 15:02:50 -0500
And between the time that I started writing this, and now, I also found out about RainbowCrack Online. How do you think that it will affect password standards, or increased use of 2-factor authentication?
If you go and take a look at the Rainbow tables that they currently have Completely, you'll see that they're not quite complete. The most complete sets of tables they have is for MD5. However this is still not complete. The following four sets are the MD5 sets that they are using. Character set > alpha-numeric-symbol32-space [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ] Plaintext length range [ 1-7 ] Character set > loweralpha-numeric-symbol32-space [abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ] Plaintext length range [ 1-7 ] Character set > loweralpha-numeric [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789] Plaintext length range [ 1-8 ] Character set > mixalpha-numeric [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789] Plaintext length range [ 1-7 ] If I use 'dk!2w4*p' or 'DK!2w4*P', then they can crack it. However, if I mix case, numbers and special characters I'm safe. Or if I use a 9 character password, I'm safe. I wouldn't say the sky is falling just yet. -j -- John Duksta <John_Duksta () brown edu> Lead IT Security Specialist Computing and Information Services Brown University
Current thread:
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- <Possible follow-ups>
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Jimmy Kuo (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online John Duksta (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Hull, Dave (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Chris Harrington (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Brian (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Russell Fulton (Nov 10)
- Re: YAWiTR - Yet another what is the risk -- Virus Scanning Engine Flaw + RainbowCrack Online Perry, Jeff (Nov 10)