Md5 Rainbow Tables

tansqrx

Apr 27 2005, 09:09 PM

I have recently been playing around with rainbow tables. If you don't know what they are then look at www.antsight.com/zsl/rainbowcrack/ They are basically a precomplied hash table of all possible values from a particular algorithm. The most common are for the Windows Lanman hashes which can crack any possible Windows SAM in little to no time. My question is are there similar tables circulating for MD5? I got the Windows tables from bit torrent which were around 12 Gb compressed and 64 uncompressed.

Comment/Reply (w/o sign-up)

marijnnn

Apr 28 2005, 06:34 PM

yep, the idea is the same. they don't actuall crack it. they just try out any string and take the hash of it. it's ok if you know that the word you are looking for is about 8 letters long, a password or so, but it might as well be something completely different. besides, if you hash it twice, no way they'll find it...

it's kinda stupid i think.

Comment/Reply (w/o sign-up)

tansqrx

Apr 28 2005, 07:58 PM

Stupid? No way, there are still plenty of applications out there that use a MD5 hash and a plain MD5 hash at that. I agree, hashing twice or adding a seed value will throw off the rainbow tables, but as I said there are still plenty of apps that this would be useful against.

Comment/Reply (w/o sign-up)

SubTen

May 27 2005, 09:55 PM

But hashing twice won't necessarily do anything security-wise. Since a hash can have multiple corresponding passwords any password that creates the same hash is a correct password. Hashing twice only keeps someone from getting the original password.

Comment/Reply (w/o sign-up)

FeedBacker

Feb 26 2008, 12:10 AM

Replying to SubTen
No, actually, even if you hash it twice, you can still crack it pretty easily with rainbowtables.

Comment/Reply (w/o sign-up)

naro2212

Mar 17 2008, 11:22 PM

yea you can hack it easly wiht rainbow tabs in my opion we should develept finger print scaners as passwords

Comment/Reply (w/o sign-up)

docduke

Mar 19 2008, 01:39 AM

There is a Live CD version of Rainbow Tables, called OPHcrack. It is discussed in DistroWatch, which is where I first heard of it. It is imbedded in a copy of Slackware Linux.

I tried it on Windows XP, on a system which had 4 user accounts. It cracked only one of them, which had an all-uppercase 8-character alphabetic password.

This is neither a testimonial nor a complaint. I had never before heard of Rainbow Tables, and was curious what they could do. If you wish to try them out, a Live CD is certainly a simple way to do it. In praise of OPHcrack, I booted it on a computer that has 4 hard drives. It correctly identified the 4 Windows partitions, and let me tell it which one to attack.

Comment/Reply (w/o sign-up)

tansqrx

Apr 1 2008, 05:27 PM

QUOTE(naro2212 @ Mar 17 2008, 06:22 PM)

yea you can hack it easly wiht rainbow tabs in my opion we should develept finger print scaners as passwords

It’s funny that you mention using your fingerprints as passwords. Today I read an article where hackers have basically made a fingerprint keylogger. http://www.darkreading.com/document.asp?doc_id=149661

QUOTE

If you think biometric scans are necessarily secure, think again: A European researcher has built a biometric keylogger that can capture fingerprint or other scans.

Comment/Reply (w/o sign-up)

(G)YH

Mar 14 2009, 05:12 PM

question
Md5 Rainbow Tables

is there a site which can convert LN hashes to text online?

Please reply

Comment/Reply (w/o sign-up)

Atomic0

May 29 2009, 12:44 PM

You might want to try the database hosted at: http://hash.insidepro.com/

If you can't find your password / hash set in the database, you may want to try posting at: http://forum.insidepro.com/index.php?c=3
to get some password recovery assistance for free.

Comment/Reply (w/o sign-up)