RE: password questions

Sat, 10 Sep 2011 16:27:35 -0700 

It's simply not practical to crack the 256 char Extended-ASCII set even for 
relatively short passwords of 8 chars.  The closest I can find [1] is a 576GB 
set of tables to crack ASCII chars 32-95 and a max of 8 chars.  That's less 
than 1/4th the entire Extended-ASCII keyspace.

Perusing through the discussion group on a distributed rainbow table generation 
program[2], I don't find any support for either longer passwords or larger 
character sets tables. The best I can find is long passwords with a hybrid 
approach where they crack 10 char passwords, but only ones that follow a 
specific formula - [A-Z][a-z]{5}[a-z0-9]{2}[0-9]{1,3}

As for generating my own tables, here's a calculator[3] that I think 
demonstrates the futility of that for any large keyspace.

Again, we still haven't dipped into 2-byte (Unicode) characters, which will 
square the keyspace.

Finally, this quote is interesting[4]:
...Most password crackers cannot crack passwords with ALT characters...
Granted, this article is a few years old, but it does seem to support the list 
of safe alt-chars that I mentioned previously so I think that still has some 
value.


[1] http://project-rainbowcrack.com/buy.php
[2] https://www.freerainbowtables.com/phpBB3/topic2629.html
[3] http://www.tobtu.com/rtcalc.php
[4] http://www.ethicalhacker.net/content/view/94/24/


-----Original Message-----
From: Ben Scott [mailto:[email protected]] 
Sent: Friday, September 09, 2011 8:03 PM
To: NT System Admin Issues
Subject: Re: password questions

On Fri, Sep 9, 2011 at 6:02 PM, Crawford, Scott <[email protected]> wrote:
> I don't think that's true.  Point me to a rainbow table that has that 
> large of a keyspace.  I can't say I've looked exhaustively, but I've 
> not been able to find one that even exhausts the entire ascii space, let 
> alone Unicode.

  Use a program that lets you generate your own rainbow tables for whatever 
character set you want.  RainbowCrack does, I believe.

  People on this list have claimed to have such rainbow tables.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin

Reply via email to