PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

rainbow tables at Shmoocon

From: dninja at gmail.com (Robin Wood)
Date: Wed, 6 Jan 2010 15:55:22 +0000
2010/1/6 Jim Halfpenny <jim.halfpenny at gmail.com>:

I'm not sure I would trust the rainbow tables in such a collection. It would
be easy to drop poisoned tables where a pecentage of the values were bogus.
Nice idea in principle but if you have the CPU time to verify the tables so
they are trustworthy you could just generate them yourself.

Mind you, I wouldn't mind some more exotic rainbow tables - Oracle password
hashes anyone?

Jim


I'm hoping that the community spirit will keep the tables clean and
useful. Like someone said earlier, most of the people on this list who
are likely to contribute are known names and can probably be vouched
for by the rest of the list.

Lets just hope someone doesn't work out a 0-day for one of the
cracking apps that involves a specially crafted table!

Robin
Previous By Date Next
Previous By Thread Next

Current thread: