-
March 31st, 2006, 02:51 PM
#1
Junior Member
Creating Rainbow tables
Hi, im wondering does any here have any tips for creating rainbow tables for SHA-1.
I read a good tutorial here
http://www.antsight.com/zsl/rainbowc...cktutorial.htm
But was looking for some more information, i.e is there any tricks for creating the tables quicker.
Apreciate any help given
-
March 31st, 2006, 03:02 PM
#2
Re: Creating Rainbow tables
Originally posted here by FcKgW
i.e is there any tricks for creating the tables quicker.
Yes, use more computers.. Each calculating part of the total table.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
March 31st, 2006, 03:12 PM
#3
Junior Member
cheers for your reply, however i only have 1 crappy dell so i guess it will probaly take a year or so.
I just thought there might have been a way to create them quicker.
-
March 31st, 2006, 03:56 PM
#4
Hi
I like those rainbow-table questions...
FcKgW, I guess you want to be able to "crack"
SHA-1 hashes of passwords at 100%. Nowadays,
I would say it is fair to assume that passwords have
a length of 8 with an alphabet of 80 characters
(a-z, A-Z, 0-9,<,>,!,+, ...).
So you have (more than) 80^8 possible passwords.
Say, you are able to calculate 1'000'000 SHA-1 hashes
per second. A year has 3600*24*365= 31'536'000
seconds.
It will still take you 53 years. Follow SirDice's advice...
...and then, you have not taken into account that
often passwords are salted prior to storage.
Cheers.
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
March 31st, 2006, 05:44 PM
#5
sec_ware......tooo......many.....numbers.....*faints*....lol
that's a long time for a complete table
there's always a way in...
-
March 31st, 2006, 06:13 PM
#6
Use FPGAs so you can do it all in parralel, although a nice Xilinx Virtex-4 will set you back a couple of grand...
i2c
-
March 31st, 2006, 06:25 PM
#7
Junior Member
A good trick with Rainbow tables is to disregard the following chars: , . / ; ' [ ] \ < > ? : " { } |
I did this with my rainbow tables and it only took about 2 months on 3 different computers.
Make sure your charset looks like the following:
alpha-numeric-symbol14-space = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+= ]
also you will create 6 tables with 4 rows each. When I did this I get about an 80-95% of cracking 100 complex passwords within an hour.
your table format will look something like this:
lm_alpha-numeric-symbol14-space#1-7_(table#)_5400x67108864_1(row#).rt
Hope this helps!
-wow finally i get to put my 2 cents in!
-
March 31st, 2006, 06:33 PM
#8
I have never delt with rainbow tables before, just dictionary and brute forcing. Are rainbow tables better?
there's always a way in...
-
March 31st, 2006, 06:38 PM
#9
Junior Member
They are much better... its the basis of Time-Memory Trade-Off. Personally I like Rainbow, but you have to be able to pull in the pw hash's which require you to be and admin. I use it at work to make sure that our users are following company policy with their passwords. If you are trying to do something illegal then do not use rainbow, it is an admin tool not a hxor tool.
-
March 31st, 2006, 07:16 PM
#10
Junior Member
Thanks for your advice C4573R 7R0Y, ill keep at it, its going to take ages but in the long run its much better.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|