Penetration Testing mailing list archives
RE: Rainbow Tables
From: "Simpson, Brett" <Brett.Simpson () hsn net>
Date: Thu, 9 Feb 2006 15:56:13 -0500
Another piece of software is http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/. They use more memory to speed up the cracking time and they have downloadable (alpha-numeric only) table sets.
-----Original Message-----
From: Tony Stark [mailto:stark192 () hotmail com]
Sent: Thursday, February 09, 2006 1:47 PM
To: Simpson, Brett; pen-test () securityfocus com
Subject: RE: Rainbow Tables

Hello Brett,

Fortunately for this project we are only doing LM passwords, all on Windows machines. Yeah, I'd hate to try this with salt, I could take a long vacation while that ran..<g>

Thx for the info, I'll jump on the links and check them out.

Tony

From: "Simpson, Brett" <Brett.Simpson () hsn net>
To: "Tony Stark" <stark192 () hotmail com>, <pen-test () securityfocus com>
Subject: RE: Rainbow Tables
Date: Thu, 9 Feb 2006 12:59:53 -0500

-----Original Message-----
From: Tony Stark [mailto:stark192 () hotmail com]
Subject: Re: Rainbow Tables

Snip...

Reason for this...the idea is that if we take the current list of passwords and create a pre-computed hash table, the next time we audit we'd run LC5 (till I convince them otherwise) and all but the passwords that changed and new accounts would get knocked out right away.

Does anyone have a hint as to how I should do this? Is there a way to take the hashes and the cracked clear text and merge them into a table?

http://www.antsight.com/zsl/rainbowcrack/

For non lan manager hashes this would require a tremendous amount of disk space (tera to peta bytes). Every password can have a large number of salts (the exact number depends on the type of hash i.e. md5, sha-1, etc). So let's say you have a UNIX system using the older crypt then you would have 4096 salts that are possible per password. So for every clear text version of a password you would have to store 4096 different salts.

I have an English dictionary I use with JtR so 411,563 words.. Then I use rules mode and that number jumps to 15,773,164 (171MB). Now times that by 4096 salts and you get 64,606,879,744 variations (700+ TB).

For Windows if you're looking at the lanman hashes (not nt hashes) then they only have one salt so it would be possible to generate a table on common words and variations for only a couple hundred megabytes.

You should also read the teracrack article.
http://security.sdsc.edu/publications/teracrack.pdf
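The storage argument in the message above, as an added example that is not part of the original posts: a table built from a previous audit's cracked passwords resolves unchanged accounts immediately when hashes are unsalted, but needs one entry per password per salt once salts are in use. SHA-256 stands in for the real LM and crypt hashes, and every name, password and salt below is constructed.

```python
import hashlib

SALT_SPACE = 4096  # salts per password for the older UNIX crypt, per the thread

def digest(password, salt=None):
    """Stand-in hash (SHA-256), not LM or crypt(3). salt=None models an unsalted scheme."""
    prefix = b"" if salt is None else salt.to_bytes(2, "big")
    return hashlib.sha256(prefix + password.encode("utf-8")).hexdigest()

def build_table(cracked, salts=(None,)):
    """Precompute hash -> cleartext for every (password, salt) pair."""
    return {digest(pw, s): pw for pw in cracked for s in salts}

def audit(accounts, table):
    """Split a hash dump into accounts the table resolves and accounts still to crack."""
    known, todo = {}, []
    for user, h in sorted(accounts.items()):
        if h in table:
            known[user] = table[h]
        else:
            todo.append(user)
    return known, todo

# Constructed sample data: cleartexts recovered in a previous audit.
PREVIOUS = ["Summer2005", "letmein", "Password1"]

# Constructed current dump, unsalted: alice and bob unchanged, carol changed, dave is new.
UNSALTED = {
    "alice": digest("Summer2005"),
    "bob": digest("letmein"),
    "carol": digest("Winter2006!"),
    "dave": digest("n3w-acc0unt"),
}

# Same passwords under a salted scheme, each account with its own constructed salt.
SALTED = {
    "alice": digest("Summer2005", 1234),
    "bob": digest("letmein", 77),
    "carol": digest("Winter2006!", 4000),
    "dave": digest("n3w-acc0unt", 9),
}

if __name__ == "__main__":
    one_per_pw = build_table(PREVIOUS)
    all_salts = build_table(PREVIOUS, range(SALT_SPACE))
    print("unsalted dump, small table:", audit(UNSALTED, one_per_pw))
    print("salted dump, small table:  ", audit(SALTED, one_per_pw))
    print("salted dump, full table:   ", audit(SALTED, all_salts))
    print("entries:", len(one_per_pw), "vs", len(all_salts))
```

The table covering every salt holds 4096 times as many entries as the unsalted one for the same three passwords, which is the multiplier the message applies to its dictionary.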