Educause Security Discussion mailing list archives
Re: Password cracking benchmarks
From: "Hull, Dave" <dphull () KU EDU>
Date: Tue, 15 Nov 2005 16:56:00 -0600
Alan, You may want to do some research on the Rainbow Crack tables. I don't know the details, but 99.9% of Lanman passwords containing alpha+numeric+symbols and space character can be "looked up" in RC tables that are 64GB in size. This doesn't jive with the number you arrived at for a full set of tables. The Rainbow Crack web site at http://www.antsight.com/zsl/rainbowcrack/, shows the full table set at 64GB and the Shmoo Group has put up a full table set on Bit Torrent available at http://rainbowtables.shmoo.com/. I can tell you from playing around with RC that I've yet to stumble across any passwords in that that .1% set. Someone with a greater head for math than mine may be able to explain the size discrepancy. -- Dave "DP" Hull, Network Security Analyst IT Security Office, A Division of Information Services The University of Kansas Desk: 785-864-0429 || Mobile: 785-840-7341 -----Original Message----- From: Alan Amesbury [mailto:amesbury () OITSEC UMN EDU] Sent: Tuesday, November 15, 2005 3:50 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password cracking benchmarks A couple people have mentioned to me off-list that they thought the doc I wrote up was useful for discussing password policies with management and other types. I've taken some feedback, expanded it a bit, and the revised version is available online for anyone who wants it at http://www1.umn.edu/oit/security/passwordattackdiscussion.html -- Alan Amesbury University of Minnesota
Current thread:
- Password cracking benchmarks Alan Amesbury (Nov 10)
- <Possible follow-ups>
- Re: Password cracking benchmarks Russell Fulton (Nov 10)
- Re: Password cracking benchmarks Chris Green (Nov 11)
- Re: Password cracking benchmarks Kevin Shalla (Nov 11)
- Re: Password cracking benchmarks Alan Amesbury (Nov 11)
- Re: Password cracking benchmarks Alan Amesbury (Nov 15)
- Re: Password cracking benchmarks Leigh Cheek (Nov 15)
- Re: Password cracking benchmarks Hull, Dave (Nov 15)
- Re: Password cracking benchmarks Alan Amesbury (Nov 15)