It Seems That Someone Has Deleted That Topic Since I Found The Url Of The Topic But It Gives Me An Error
I have recently been playing around with rainbow tables. If you don't know what they are then look at www.antsight.com/zsl/rainbowcrack/ They are basically a precomplied hash table of all possible values from a particular algorithm. The most common are for the Windows Lanman hashes which can crack any possible Windows SAM in little to no time. My question is are there similar tables circulating for MD5? I got the Windows tables from bit torrent which were around 12 Gb compressed and 64 uncompressed.
| |
|
Welcome to AstaHost - Dear Guest 
, Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply
w/o Sign-Up!
| |
Toggle shoutbox
Shoutbox
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
10 replies to this topic
#2
marijnnn
-
- [HOSTED]
-
- 336 posts
Premium Member
Posted 28 April 2005 - 06:34 PM
yep, the idea is the same. they don't actuall crack it. they just try out any string and take the hash of it. it's ok if you know that the word you are looking for is about 8 letters long, a password or so, but it might as well be something completely different. besides, if you hash it twice, no way they'll find it...
it's kinda stupid i think.
it's kinda stupid i think.
#3
Posted 28 April 2005 - 07:58 PM
Stupid? No way, there are still plenty of applications out there that use a MD5 hash and a plain MD5 hash at that. I agree, hashing twice or adding a seed value will throw off the rainbow tables, but as I said there are still plenty of apps that this would be useful against.
#4
SubTen
-
- Members
-
- 1 posts
Newbie [ Level 1 ]
Posted 27 May 2005 - 09:55 PM
But hashing twice won't necessarily do anything security-wise. Since a hash can have multiple corresponding passwords any password that creates the same hash is a correct password. Hashing twice only keeps someone from getting the original password.
#5
Guest_FeedBacker_*
Guest_FeedBacker_*
-
- Guests
Posted 26 February 2008 - 12:10 AM
Replying to SubTen
No, actually, even if you hash it twice, you can still crack it pretty easily with rainbowtables.
No, actually, even if you hash it twice, you can still crack it pretty easily with rainbowtables.
#7
Posted 19 March 2008 - 01:39 AM
There is a Live CD version of Rainbow Tables, called OPHcrack. It is discussed in DistroWatch, which is where I first heard of it. It is imbedded in a copy of Slackware Linux.
I tried it on Windows XP, on a system which had 4 user accounts. It cracked only one of them, which had an all-uppercase 8-character alphabetic password.
This is neither a testimonial nor a complaint. I had never before heard of Rainbow Tables, and was curious what they could do. If you wish to try them out, a Live CD is certainly a simple way to do it. In praise of OPHcrack, I booted it on a computer that has 4 hard drives. It correctly identified the 4 Windows partitions, and let me tell it which one to attack.
I tried it on Windows XP, on a system which had 4 user accounts. It cracked only one of them, which had an all-uppercase 8-character alphabetic password.
This is neither a testimonial nor a complaint. I had never before heard of Rainbow Tables, and was curious what they could do. If you wish to try them out, a Live CD is certainly a simple way to do it. In praise of OPHcrack, I booted it on a computer that has 4 hard drives. It correctly identified the 4 Windows partitions, and let me tell it which one to attack.
#8
Posted 01 April 2008 - 05:27 PM
yea you can hack it easly wiht rainbow tabs in my opion we should develept finger print scaners as passwords
It’s funny that you mention using your fingerprints as passwords. Today I read an article where hackers have basically made a fingerprint keylogger. http://www.darkreadi...p?doc_id=149661
If you think biometric scans are necessarily secure, think again: A European researcher has built a biometric keylogger that can capture fingerprint or other scans.
#10
Posted 29 May 2009 - 12:44 PM
You might want to try the database hosted at: http://hash.insidepro.com/
If you can't find your password / hash set in the database, you may want to try posting at: http://forum.insidep...m/index.php?c=3
to get some password recovery assistance for free.
If you can't find your password / hash set in the database, you may want to try posting at: http://forum.insidep...m/index.php?c=3
to get some password recovery assistance for free.
#11
Guest_(G)Graham_*
Guest_(G)Graham_*
-
- Guests
Posted 07 March 2011 - 08:51 PM
md5*2 wont save youMd5 Rainbow Tables
say someone breaks into your database and steals all the passwords but you passwords are md5(md5($password)); well the already have the outcome of that from getting the password now if they have a big enough rainbow db they can just look up the hash they have it will give them the second hash then they look that up and they have the password if you really want to keep your stuff safe use 2 different types of cryptology and a salt
-reply by GrahamReply to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
