xisto Community
tansqrx

Md5 Rainbow Tables

I have recently been playing around with rainbow tables. If you don't know what they are, then look at http://forums.xisto.com/no_longer_exists/. They are basically a precompiled hash table of all possible values from a particular algorithm. The most common are for the Windows Lanman hashes, which can crack any possible Windows SAM in little to no time. My question is: are there similar tables circulating for MD5? I got the Windows tables from BitTorrent, which were around 12 Gb compressed and 64 uncompressed.

Yep, the idea is the same. They don't actually crack it. They just try out any string and take the hash of it. It's OK if you know that the word you are looking for is about 8 letters long, a password or so, but it might as well be something completely different. Besides, if you hash it twice, no way they'll find it... It's kinda stupid, I think.

Stupid? No way, there are still plenty of applications out there that use an MD5 hash, and a plain MD5 hash at that. I agree, hashing twice or adding a seed value will throw off the rainbow tables, but as I said, there are still plenty of apps that this would be useful against.

But hashing twice won't necessarily do anything security-wise. Since a hash can have multiple corresponding passwords any password that creates the same hash is a correct password. Hashing twice only keeps someone from getting the original password.

There is a Live CD version of Rainbow Tables, called OPHcrack. It is discussed in DistroWatch, which is where I first heard of it. It is imbedded in a copy of Slackware Linux.

I tried it on Windows XP, on a system which had 4 user accounts. It cracked only one of them, which had an all-uppercase 8-character alphabetic password.

This is neither a testimonial nor a complaint. I had never before heard of Rainbow Tables, and was curious what they could do. If you wish to try them out, a Live CD is certainly a simple way to do it. In praise of OPHcrack, I booted it on a computer that has 4 hard drives. It correctly identified the 4 Windows partitions, and let me tell it which one to attack.

Yeah, you can hack it easily with rainbow tabs. In my opinion we should develop fingerprint scanners as passwords.

It's funny that you mention using your fingerprints as passwords. Today I read an article where hackers have basically made a fingerprint keylogger. http://www.darkreading.com/default.asp

If you think biometric scans are necessarily secure, think again: A European researcher has built a biometric keylogger that can capture fingerprint or other scans.

md5*2 won't save you

Say someone breaks into your database and steals all the passwords, but your passwords are md5(md5($password)). Well, they already have the outcome of that from getting the password. Now, if they have a big enough rainbow DB, they can just look up the hash they have; it will give them the second hash, then they look that up and they have the password. If you really want to keep your stuff safe, use 2 different types of cryptology and a salt.

-reply by Graham
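
Added example (not part of the original thread or any poster's code): a Python sketch comparing the storage schemes debated above, plain MD5, md5(md5($password)) and a per-user salt, against a precomputed lookup. The five-word candidate list is constructed and stands in for a real table, all function names are illustrative, and the PBKDF2 form goes slightly beyond what the thread discusses.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for a precomputed table's keyspace.
CANDIDATES = ["PASSWORD", "letmein", "qwerty12", "dragon", "SUMMER08"]

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def double_md5(password: str) -> str:
    # PHP's md5() returns lowercase hex, so md5(md5($p)) hashes that hex string.
    return md5_hex(md5_hex(password.encode()).encode())

def salted_md5(password: str, salt: bytes) -> str:
    return md5_hex(salt + password.encode())

def build_table(scheme):
    """Precompute digest -> password once; reusable against every stolen digest."""
    return {scheme(p): p for p in CANDIDATES}

def kdf_hash(password: str, salt: bytes, rounds: int = 200_000) -> bytes:
    # Hardened form: per-user salt plus a deliberately slow KDF.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def kdf_verify(password: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(kdf_hash(password, salt), stored)

def demo(victim: str = "SUMMER08") -> dict:
    single = build_table(lambda p: md5_hex(p.encode()))
    double = build_table(double_md5)  # table built over the composite function
    salt = os.urandom(16)             # random, stored beside the digest
    stored = salted_md5(victim, salt)
    return {
        "plain_md5_lookup": single.get(md5_hex(victim.encode())),
        "double_md5_lookup": double.get(double_md5(victim)),
        "salted_lookup": single.get(stored) or double.get(stored),
        # The salt is not secret: per-record guessing still works on fast MD5.
        "salted_guessing": next(
            (p for p in CANDIDATES if salted_md5(p, salt) == stored), None),
    }

if __name__ == "__main__":
    for name, recovered in demo().items():
        print(f"{name}: {recovered}")
```

The salted digest misses both tables because a table would have to be rebuilt for every salt value; the last entry shows why the slow KDF matters once the salt is known.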
