a companion discussion area for blog.codinghorror.com

Rainbow Hash Cracking


#161

Is there any good reason a salt should be made up of printable/typeable [sp?] characters?

I mean, how many rainbow tables consider e.g. ASCII 9 as a character that could be in you password? I’m guessing not many.
If you can be sure it won’t break your hashing software even ASCII 0, which I would imagine brings in all sorts of incompatibility with the concept of a 0-terminated string. (Which may or may not be relevant -either way, don’t refute the entire argument based on why 0-terminated strings are irrelevant)

This is effectively just obfuscation which I am aware should never be confused with security, but it seems to me a bright idea.
At least until someone cares to point out why I’m being an idiot.


#162

I have some doubt about effectiveness of salt. Indeed it’s fake security. I’m gonna to illustrate you something.

MD5 is like a division in which we take quotient and/or remainder part and stop. For instance: 5/2=2 remainder 1
We were originating this with 5 and 5. The same result is possible also dividing 50 by 20 = 2 remainder 1
Now … what’s the meaning adding salt to password if the resulting md5 it’s just something that I can obtain in a different manner ? I would say if the hash f74g28dae85 is obtainable with 'holy-shit+password, but I can obtain it also with ‘trouble’ … it’s not necessary that I now the original salt+password ( ‘holy-shit’+password )… once I got the combination of characters that generates the same hash, I’m ready.
What does it mean ?

It means that weak points of md5 sha1, 2 etc are:

  • fixed length
  • manner in which they are generated: they are not univoque
  • fixed charset

from the other side, something univoque is easily decryptable too.

In few words: if you generate a simple database containing each combination of hash’s characters and for each one at least ONE word that generates it, you cracked all the md5 world.

md5 returns a string of 32 characters. They are alphanumeric but the set is: 0123456789abcdef it’s hexadecimal.

so you have to generate a db that contains a finite number of md5 and it’s related generating word.

How many do they are ? being 32 fixed characters in which each one has 16 possible variations, the number is huge but not so much and it’s finite:
16 rise 32 power what a number.
16^32=3,4028236692093846346337460743177e+38
it means that you have to find: 1,0633823966279326983230456482243e+37 words
but each letter is 1 byte ( 8 bit ) so each word is 256 bytes long
it will require an amount of bytes: 8,7112285931760246646623899502533e+40
it means: 75557863725914323419136 Enna Bytes !!! ( 1 Enna byte = 1024 Peta Bytes … 1 byte = 8 bit and 1 kBytes = 1 024 bits )

Are you capable to do this ?
Are you talking again about weak points of md5 and the necessity to insert salt ?
I really can tell you that if you obtain this huge database, you can put the salt into the toilet because it’s useless.
But even with rainbow tables that actually are on line you can put it on toilet, because it’s just PROBABILITY, to find a combination of characters that gives the same result of your password + salt.
What is the probability ? it’s of course in the worst case 1/3,4028236692093846346337460743177e+38 and normalizing this you obtain 2,9387358770557187699218413430556e-37%
Of course, you can be lucky at the second tentative to get one. ore more in 20 tentatives. The frequency of this is totally unknown and it’s unknown the probability to find immediately 10 words that generates the same hash of other 10 … statistically is equally distributed … in the reality depends from your ass-factor :slight_smile:

Best Regards


#163

mmm, i dont know show the LM hash
but thanx for the info


#164

TEEEEEEEEEEST


#165

teeeeeeeeest


#166

There is, however, a fundamental flaw with all password security systems: http://xkcd.com/538/


#167

X74@z3!

So there.


#168

Nothing


#169

I prefer windows password reset 6.0


#170

http://www.resetwindowspassword.com/


#171

Please,Help Me…

31d6cfe0d16ae931b73c59d7e0c089c0 NT Hash Admin Password ?


#172

ronaldschaafsma


#173

This is a guide for cracking passwords in Windows under XP, 2000, 98, and 95, all of which use roughly the same architecture. As you know, passwords are stored in windows in a weak hash form, the first kind of which is called the LM (Lan Manager) Hash. Passwords longer than 7 characters are broken up into 7-character chunks, made uppercase, and then hashed with DES.


#174

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory.


#175

Nice writeup. I normally go about cracking hashes in a different way though. Rainbow tables are great if you have a single hash that needs to be cracked, but they can take a very long time if you have hundreds of hashes. My order goes something like this:

  1. Online hash crackers like gdataonline.com or www.netmd5crack.com
  2. Wordlist attacks via cain and able oxid.it
  3. Rainbow table attacks via ophcrack or rcracki
  4. Brute Force via john or cain

Very nice write up


#176

Nice writeup. I normally go about cracking hashes in a different way though. Rainbow tables are great if you have a single hash that needs to be cracked, but they can take a very long time if you have hundreds of hashes. My order goes something like this:

  1. Online hash crackers like gdataonline.com or www.netmd5crack.com
  2. Wordlist attacks via cain and able oxid.it
  3. Rainbow table attacks via ophcrack or rcracki
  4. Brute Force via john or cain

Very nice write up


#177

The basic idea is that although nobody in their right minds stores passwords except in hashed form, even this is easy to crack if you have enough time and memory to compute all hashes in advance


#178

I think that a random salt is possible when used with expires times (ex.: 30sec) and 2 requests (first to get random salt and second to send hash(salt + hash(pwd)). Of course this approuch is only viable when used in auth remote systems (like websites). =)


#179

I think that a random salt is possible when used with expires times (ex.: 30sec) and 2 requests (first to get random salt and second to send hash(salt + hash(pwd)). Of course this approuch is only viable when used in auth remote systems (like websites). =)


#180

a href="http://www.owasp.org/index.php/Hashing_Java"http://www.owasp.org/index.php/Hashing_Java/a