-
March 9th, 2008, 03:53 AM
#1
freerainbowtables.com
I just wanted to let everyone know about freerainbowtables.com Its pretty sweet if you register you can help make rainbow tables and for all the parts you complete you get credits. Right now they have about 1200ghz of computing power :-) Ive been helping out the past couple of days I have a q6600 @ ~2.51 ghz so it runs 4 processes that generate the tables (1 for each cpu) and I am essentially generating them at 10ghz. Anyways check em out :-)
-
March 9th, 2008, 09:16 AM
#2
Please explain why you would want rainbow tables, and why they should be freely available to the criminal and skiddie communities?
-
March 9th, 2008, 07:27 PM
#3
Hmm good point but I like to contribute to things
-
March 9th, 2008, 09:20 PM
#4
Please explain why you would want rainbow tables, and why they should be freely available to the criminal and skiddie communities?
Password recovery....pen testing.....password auditing.....learning......
They are not freely available to the 'criminal and skiddie communities' as you put it - but rather they are free to anyone who needs them. Plus the software to generate your own is freely available anyway, likewise it is possible to freely download your own ready made tables...
-
March 10th, 2008, 11:46 AM
#5
If you have proper authority you do not need to do this.
Nonsense! if you have obtained the password hash then the system has been penetrated.
Now that really is pathetic! this is the kind of snake oil I would expect from wannabe "security consultants".
It might have occurred to some here that if you "discover a weak password" you have just closed the stable door after the horse has bolted.......... you are already compromised............and you don't need to be a rocket scientist to figure that one out?
If you actually believe in passwords, other than as a means of allocating blame, you would set a policy and enforce it on password generation. You would know that your system enforced your policy, and that auditing it, is a totally spurious exercise.
Ummm, yes, well......................
"Learning" what exactly?
They are not freely available to the 'criminal and skiddie communities' as you put it - but rather they are free to anyone who needs them.
Which, by definition, includes the criminal and skiddie communities.
And I would dearly love to know who, with honest intentions, actually "needs them"?
-
March 10th, 2008, 12:20 PM
#6
I have actually extracted the hashes off a computer for a customer before because they wanted me to preserve their password instead of change their password on a XP machine
And the other time Ive needed them I ran an audit on forums that I used to run to make sure all our members with special access were using secure passwords.
-
March 10th, 2008, 01:07 PM
#7
I have actually extracted the hashes off a computer for a customer before because they wanted me to preserve their password instead of change their password on a XP machine
Well, I wouldn't do that.............. over here "aiding and abetting" is a felony rap.
The only reason someone would want that is to commit a crime. If they know their password then they don't need you, and if they don't want it reset then it is because they don't want the true owner alerted to the fact that they have accessed the machine.
And the other time Ive needed them I ran an audit on forums that I used to run to make sure all our members with special access were using secure passwords.
Too little too late my friend Security needs to be proactive not reactive?
For that reason I have always found IDS a strange concept. I don't want to know that someone has broken into my machine............ I want to know that an attempt was made, and that it was prevented.
-
March 11th, 2008, 08:32 AM
#8
Originally Posted by nihil
For that reason I have always found IDS a strange concept. I don't want to know that someone has broken into my machine............ I want to know that an attempt was made, and that it was prevented.
Isn't that why there are now IPS's?
-
March 11th, 2008, 08:58 AM
#9
Isn't that why there are now IPS's?
Exactly! that is what I would expect to find in a production environment. The IDS comes into its own when you are attempting to analyse intruder activity without alerting or preventing them.
I would typically associate that with some sort of honeypot.
-
March 11th, 2008, 11:40 AM
#10
Originally Posted by nihil
The only reason someone would want that is to commit a crime.
What if they have used EFS? Isn't the only way to access the files by having the original password? Apologies in advance if my belief about this is wrong because I've never used it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|