Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: freerainbowtables.com

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052

    freerainbowtables.com

    I just wanted to let everyone know about freerainbowtables.com Its pretty sweet if you register you can help make rainbow tables and for all the parts you complete you get credits. Right now they have about 1200ghz of computing power :-) Ive been helping out the past couple of days I have a q6600 @ ~2.51 ghz so it runs 4 processes that generate the tables (1 for each cpu) and I am essentially generating them at 10ghz. Anyways check em out :-)

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Please explain why you would want rainbow tables, and why they should be freely available to the criminal and skiddie communities?

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Hmm good point but I like to contribute to things

  4. #4
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Please explain why you would want rainbow tables, and why they should be freely available to the criminal and skiddie communities?
    Password recovery....pen testing.....password auditing.....learning......

    They are not freely available to the 'criminal and skiddie communities' as you put it - but rather they are free to anyone who needs them. Plus the software to generate your own is freely available anyway, likewise it is possible to freely download your own ready made tables...

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Password recovery
    If you have proper authority you do not need to do this.

    pen testing
    Nonsense! if you have obtained the password hash then the system has been penetrated.

    password auditing
    Now that really is pathetic! this is the kind of snake oil I would expect from wannabe "security consultants".

    It might have occurred to some here that if you "discover a weak password" you have just closed the stable door after the horse has bolted.......... you are already compromised............and you don't need to be a rocket scientist to figure that one out?

    If you actually believe in passwords, other than as a means of allocating blame, you would set a policy and enforce it on password generation. You would know that your system enforced your policy, and that auditing it, is a totally spurious exercise.

    learning
    Ummm, yes, well......................

    "Learning" what exactly?

    They are not freely available to the 'criminal and skiddie communities' as you put it - but rather they are free to anyone who needs them.
    Which, by definition, includes the criminal and skiddie communities.

    And I would dearly love to know who, with honest intentions, actually "needs them"?

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    I have actually extracted the hashes off a computer for a customer before because they wanted me to preserve their password instead of change their password on a XP machine

    And the other time Ive needed them I ran an audit on forums that I used to run to make sure all our members with special access were using secure passwords.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I have actually extracted the hashes off a computer for a customer before because they wanted me to preserve their password instead of change their password on a XP machine
    Well, I wouldn't do that.............. over here "aiding and abetting" is a felony rap.

    The only reason someone would want that is to commit a crime. If they know their password then they don't need you, and if they don't want it reset then it is because they don't want the true owner alerted to the fact that they have accessed the machine.

    And the other time Ive needed them I ran an audit on forums that I used to run to make sure all our members with special access were using secure passwords.
    Too little too late my friend Security needs to be proactive not reactive?

    For that reason I have always found IDS a strange concept. I don't want to know that someone has broken into my machine............ I want to know that an attempt was made, and that it was prevented.

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    Quote Originally Posted by nihil

    For that reason I have always found IDS a strange concept. I don't want to know that someone has broken into my machine............ I want to know that an attempt was made, and that it was prevented.
    Isn't that why there are now IPS's?

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Isn't that why there are now IPS's?
    Exactly! that is what I would expect to find in a production environment. The IDS comes into its own when you are attempting to analyse intruder activity without alerting or preventing them.

    I would typically associate that with some sort of honeypot.

  10. #10
    Senior Member
    Join Date
    Oct 2004
    Posts
    183
    Quote Originally Posted by nihil
    The only reason someone would want that is to commit a crime.
    What if they have used EFS? Isn't the only way to access the files by having the original password? Apologies in advance if my belief about this is wrong because I've never used it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •