
Pre-Brute Forced Password Cracking
November 11, 2005 3:51 AM

RainbowCrack Online aims to enable anyone (who'll pay their subscription) to crack a password given the password hash, and get the clear-text password back instantly by looking it up against their 500GB Rainbow Table. Of course, you've been able to use John the Ripper or l0phtcrack to do this using your own computational power (and time) to crack a password before (or do it online) but now it's just Click and Crack... You still not using shadows?
posted by benzo8 (16 comments total)

 
that's a little scary.
posted by ph00dz at 4:21 AM on November 11, 2005


*yawn* doesn't work on salted passwords. Call me when they have hashes for every possible combination of bytes up to 16 chars and maybe I'll care then.
posted by alexst at 4:25 AM on November 11, 2005


Works scarily well for NTLM (even with SYSKEY). This is due to an insane cutting-up of passwords into 7-character chunks before encrypting the password. Very odd, very counter-productive.

(I know this because I spent two weeks of CPU time generating some NTLM tables myself! :P)
posted by PuGZ at 4:50 AM on November 11, 2005


Whereas you can do it for free on rainbowcrack.com in exchange for lending your computing power to the effort.
posted by sohcahtoa at 5:06 AM on November 11, 2005


Also, just yesterday I was trying to get a quote on a copy of l0phtcrack -- Symantec bought @Stake months ago and now claim to have no idea about the software. Guess it's off the market.

John works perfectly fine, of course. 2500 out of 5000 NTLM hashes in under an hour.
posted by sohcahtoa at 5:07 AM on November 11, 2005


?
posted by nola at 5:13 AM on November 11, 2005


nola writes "?"

> No password found for that hash...
posted by benzo8 at 5:16 AM on November 11, 2005


From the shadow passwords link: "most current Linux distributions do not contain the Shadow Suite installed. This includes Slackware 2.3, Slackware 3.0..." and "Since a 4GB hard drive can be had for under $1000.00..."

Think you could find anything on shadow passwords that's a little less ancient? I'm running Slack 10.2 and just picked up a 4 gig microdrive for about $100. This article is close to 10 years old now.
posted by caution live frogs at 5:55 AM on November 11, 2005


Subscriptions? I'm not sure this is the kind of people I want to give my credit card details to...
posted by clevershark at 6:15 AM on November 11, 2005


So... This is handy for cracking encrypted emails, but not hotmail accounts or porn, right? Or am I reading this wrong?
posted by klangklangston at 6:28 AM on November 11, 2005


caution live frogs writes "Think you could find anything on shadow passwords that's a little less ancient?"

Well, The Linux Documentation Project has never been renowned for its timeliness. There's plenty of other information on the 'Net, and within your individual distro I guess which is much more up-to-date. Maybe you should write an up-to-the-minute HOWTO and submit it?

klangklangston writes "This is handy for cracking encrypted emails, but not hotmail accounts or porn, right? Or am I reading this wrong?"

Password hashes are used (in this guise) for obscuring login passwords for Linux and WindowsNT-based systems. Rather than storing the users' passwords in a recognisable form, the system hashes them with an algorithm that only works one way - you can go password->hash but not (easily) hash->password. When a user enters their password, the system hashes their entry and compares it against the stored hash - if it's the same, the password is right and they're granted entry. This way, even if someone gains access to the passwords list on a compromised system, they don't have the passwords.

Of course, if someone takes the time to make a table of every possible password and its associated hash value, it's a much more simple job if you have the hash of finding the right password. That's what this site is offering - a backwards look up of passwords from hashes.
posted by benzo8 at 6:43 AM on November 11, 2005


I thought that, even with rainbow tables, it still takes such a long time to crack a password with 14 or more characters, that such passwords are still thought of as "safe."
posted by afroblanca at 6:56 AM on November 11, 2005


Expanding on benzo8's explanation, many systems now "salt" passwords with a precalculated value.

So, instead of doing password->hash, they do password+random value->hash.

When the user is logging in, the password they give is added with the same random value and hashed. In this way, hash tables are made much, much less useful.
posted by odinsdream at 7:06 AM on November 11, 2005
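
Added example, not part of the thread: a short Python sketch of the two storage schemes described in the comments above, showing that one precomputed hash->password table inverts unsalted hashes but finds nothing once a random per-user salt is mixed in. The account names, candidate list and function names are constructed for illustration, and PBKDF2-HMAC-SHA256 stands in for whatever hash a real system uses.

```python
import hashlib
import hmac
import os

# Constructed sample data: candidate passwords and two accounts sharing one password.
CANDIDATES = ["letmein", "password", "qwerty", "hunter2"]
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2"}


def unsalted_hash(password):
    """password -> hash, with no per-user input (the weak scheme)."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, salt=b""):
    """password + random value -> hash; returns the (salt, digest) pair to store."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify(password, record):
    """Login check: re-hash the entry with the stored salt, compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)


def build_lookup(candidates):
    """Precomputed hash -> password table, built once and reused for every hash."""
    return {unsalted_hash(p): p for p in candidates}


def demo():
    table = build_lookup(CANDIDATES)
    unsalted_db = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    salted_db = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    return {
        # Unsalted: equal passwords give equal hashes, and the table inverts them.
        "unsalted_equal": unsalted_db["alice"] == unsalted_db["bob"],
        "unsalted_recovered": [table.get(h) for h in unsalted_db.values()],
        # Salted: equal passwords give different digests; the same table finds nothing.
        "salted_equal": salted_db["alice"][1] == salted_db["bob"][1],
        "salted_recovered": [table.get(d.hex()) for _, d in salted_db.values()],
        # Legitimate login still works because the salt is stored next to the digest.
        "login_ok": verify("hunter2", salted_db["alice"]),
        "login_bad": verify("letmein", salted_db["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
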


What do these rainbow tables store? They don't store every possible hashed value. There are too many possible words, even in only 8 letter passwords, only assuming upper and lowercase roman letters (each entry would have to be less than a byte if it fit in 500 gb of data).

So I am assuming this is some kind of dictionary attack. But 500GB seems really big for that. So what is it that their table is?

(52^8 = 53459728531456.
500 GB = 536870912000, thus 0.01 bytes for each word. No dice).

Or am I confused?
posted by teece at 10:12 AM on November 11, 2005


just yesterday I was trying to get a quote on a copy of l0phtcrack

That can be found here.
posted by o0o0o at 11:24 AM on November 11, 2005


o0o0o: Thanks. I know I can get a copy, just not how to buy a copy. Goofy, I know.
posted by sohcahtoa at 11:57 AM on November 11, 2005

