Creating Rainbow tables
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Creating Rainbow tables

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    15

    Creating Rainbow tables

    Hi, im wondering does any here have any tips for creating rainbow tables for SHA-1.
    I read a good tutorial here

    http://www.antsight.com/zsl/rainbowc...cktutorial.htm


    But was looking for some more information, i.e is there any tricks for creating the tables quicker.

    Apreciate any help given

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403

    Re: Creating Rainbow tables

    Originally posted here by FcKgW
    i.e is there any tricks for creating the tables quicker.
    Yes, use more computers.. Each calculating part of the total table.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Junior Member
    Join Date
    Mar 2006
    Posts
    15
    cheers for your reply, however i only have 1 crappy dell so i guess it will probaly take a year or so.
    I just thought there might have been a way to create them quicker.

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    I like those rainbow-table questions...

    FcKgW, I guess you want to be able to "crack"
    SHA-1 hashes of passwords at 100%. Nowadays,
    I would say it is fair to assume that passwords have
    a length of 8 with an alphabet of 80 characters
    (a-z, A-Z, 0-9,<,>,!,+, ...).

    So you have (more than) 80^8 possible passwords.
    Say, you are able to calculate 1'000'000 SHA-1 hashes
    per second. A year has 3600*24*365= 31'536'000
    seconds.

    It will still take you 53 years. Follow SirDice's advice...

    ...and then, you have not taken into account that
    often passwords are salted prior to storage.

    Cheers.
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  5. #5
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    sec_ware......tooo......many.....numbers.....*faints*....lol
    that's a long time for a complete table
    there's always a way in...

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Use FPGAs so you can do it all in parralel, although a nice Xilinx Virtex-4 will set you back a couple of grand...

    i2c

  7. #7
    Junior Member
    Join Date
    Nov 2005
    Posts
    12
    A good trick with Rainbow tables is to disregard the following chars: , . / ; ' [ ] \ < > ? : " { } |

    I did this with my rainbow tables and it only took about 2 months on 3 different computers.
    Make sure your charset looks like the following:

    alpha-numeric-symbol14-space = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+= ]

    also you will create 6 tables with 4 rows each. When I did this I get about an 80-95% of cracking 100 complex passwords within an hour.

    your table format will look something like this:

    lm_alpha-numeric-symbol14-space#1-7_(table#)_5400x67108864_1(row#).rt

    Hope this helps!
    -wow finally i get to put my 2 cents in!

  8. #8
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    I have never delt with rainbow tables before, just dictionary and brute forcing. Are rainbow tables better?
    there's always a way in...

  9. #9
    Junior Member
    Join Date
    Nov 2005
    Posts
    12
    They are much better... its the basis of Time-Memory Trade-Off. Personally I like Rainbow, but you have to be able to pull in the pw hash's which require you to be and admin. I use it at work to make sure that our users are following company policy with their passwords. If you are trying to do something illegal then do not use rainbow, it is an admin tool not a hxor tool.

  10. #10
    Junior Member
    Join Date
    Mar 2006
    Posts
    15
    Thanks for your advice C4573R 7R0Y, ill keep at it, its going to take ages but in the long run its much better.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides