Apr 27 2005, 09:09 PM, Post #1
Super Member Group: [HOSTED] Posts: 508 Joined: 25-April 05 Member No.: 4,374
I have recently been playing around with rainbow tables. If you don't know what they are, then look at www.antsight.com/zsl/rainbowcrack/. They are basically a precompiled hash table of all possible values from a particular algorithm. The most common are for the Windows Lanman hashes, which can crack any possible Windows SAM in little to no time. My question is: are there similar tables circulating for MD5? I got the Windows tables from BitTorrent, which were around 12 Gb compressed and 64 uncompressed.

Apr 28 2005, 06:34 PM, Post #2
Premium Member Group: [HOSTED] Posts: 336 Joined: 22-September 04 Member No.: 798
Yep, the idea is the same. They don't actually crack it. They just try out any string and take the hash of it. It's ok if you know that the word you are looking for is about 8 letters long, a password or so, but it might as well be something completely different. Besides, if you hash it twice, no way they'll find it...
It's kinda stupid I think.

Apr 28 2005, 07:58 PM, Post #3
Super Member Group: [HOSTED] Posts: 508 Joined: 25-April 05 Member No.: 4,374
Stupid? No way, there are still plenty of applications out there that use an MD5 hash, and a plain MD5 hash at that. I agree, hashing twice or adding a seed value will throw off the rainbow tables, but as I said, there are still plenty of apps that this would be useful against.

May 27 2005, 09:55 PM, Post #4
Newbie [ Level 1 ] Group: Members Posts: 1 Joined: 27-May 05 Member No.: 5,517
But hashing twice won't necessarily do anything security-wise. Since a hash can have multiple corresponding passwords, any password that creates the same hash is a correct password. Hashing twice only keeps someone from getting the original password.

Feb 26 2008, 12:10 AM, Post #5
Newbie [ Level 1 ] Group: Members Posts: 0 Joined: 1-November 07 Member No.: 25,869
Replying to SubTen
No, actually, even if you hash it twice, you can still crack it pretty easily with rainbow tables.

Mar 17 2008, 11:22 PM, Post #6
Newbie [ Level 2 ] Group: Members Posts: 12 Joined: 17-March 08 Member No.: 29,182
Yea, you can hack it easily with rainbow tabs. In my opinion we should develop fingerprint scanners as passwords.

Mar 19 2008, 01:39 AM, Post #7
Advanced Member Group: [MODERATOR] Posts: 102 Joined: 8-January 08 Member No.: 27,477
There is a Live CD version of Rainbow Tables, called OPHcrack. It is discussed in DistroWatch, which is where I first heard of it. It is imbedded in a copy of Slackware Linux.
I tried it on Windows XP, on a system which had 4 user accounts. It cracked only one of them, which had an all-uppercase 8-character alphabetic password. This is neither a testimonial nor a complaint. I had never before heard of Rainbow Tables, and was curious what they could do. If you wish to try them out, a Live CD is certainly a simple way to do it. In praise of OPHcrack, I booted it on a computer that has 4 hard drives. It correctly identified the 4 Windows partitions, and let me tell it which one to attack.

Apr 1 2008, 05:27 PM, Post #8
Super Member Group: [HOSTED] Posts: 508 Joined: 25-April 05 Member No.: 4,374
QUOTE Yea, you can hack it easily with rainbow tabs. In my opinion we should develop fingerprint scanners as passwords.
It’s funny that you mention using your fingerprints as passwords. Today I read an article where hackers have basically made a fingerprint keylogger.
http://www.darkreading.com/document.asp?doc_id=149661
QUOTE If you think biometric scans are necessarily secure, think again: A European researcher has built a biometric keylogger that can capture fingerprint or other scans.
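
An added example, not written by any poster in this thread, that tests the thread's claims about hashing twice versus adding a seed (salt) value. It assumes a constructed toy keyspace of 3-letter lowercase passwords and uses a plain lookup dictionary as a stand-in for a rainbow table, which shares the property that matters here: it is built for one specific hash function.

```python
import hashlib
import os
from itertools import product
from string import ascii_lowercase


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def md5_twice(data: bytes) -> str:
    # "Hash it twice": MD5 over the hex digest of the first MD5.
    return md5_hex(md5_hex(data).encode())


def salted(password: bytes, salt: bytes) -> str:
    # Seed/salt value prepended before hashing; stored beside the hash.
    return md5_hex(salt + password)


def candidates(length: int = 3):
    # Constructed toy keyspace: all lowercase strings of `length` letters.
    for combo in product(ascii_lowercase, repeat=length):
        yield "".join(combo).encode()


def precompute(hash_fn) -> dict:
    # One-off cost; the table is reusable against every hash made by hash_fn.
    return {hash_fn(c): c for c in candidates()}


def demo() -> dict:
    secret = b"cat"                      # constructed sample password
    table_single = precompute(md5_hex)   # table for plain MD5
    table_double = precompute(md5_twice) # table rebuilt for MD5(MD5(x))
    salt = os.urandom(16)                # random per-password salt
    return {
        "plain_vs_plain_table": table_single.get(md5_hex(secret)),
        "double_vs_plain_table": table_single.get(md5_twice(secret)),
        "double_vs_double_table": table_double.get(md5_twice(secret)),
        "salted_vs_plain_table": table_single.get(salted(secret, salt)),
        "salted_vs_double_table": table_double.get(salted(secret, salt)),
    }


if __name__ == "__main__":
    for case, found in demo().items():
        print(f"{case}: {found}")
```

Double hashing only defeats tables built for single MD5; because it is still a fixed, unsalted function, one table built for it applies to every stored hash, whereas a random per-password salt means no table computed in advance applies.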