You wouldn't expect this rainbow table to work on the passwords with non-alphanumeric characters (%&^$# and the like) because the table doesn't contain those characters. I used it to attack some passwords I set up in a Windows XP virtual machine with the following results: Even that small-ish table is remarkably effective.
That's the default table you get with the Ophcrack bootable ISO. The smallest rainbow table available is the basic alphanumeric one, and even it is 388 megabytes. It takes a long time to generate these massive rainbow tables, but once they're out there, every attacking computer can leverage those tables to make their attacks on hashed passwords that much more potent. How enormous are rainbow tables? The installation dialog for Ophcrack should give you an idea: It's a classic time-memory tradeoff, exactly the sort of cheating shortcut you'd expect a black hat attacker to take. An attacking PC could certainly calculate all these hashes on the fly, but taking advantage of a massive table of pre-computed hash values enables the attack to proceed several orders of magnitude faster- assuming the attacking machine has enough RAM to store the entire table (or at least most of it) in memory. Even if an attacker gained access to the hashed version of your password, it's not possible to reconstitute the password from the hash value alone.īut it is possible to attack the hashed value of your password using rainbow tables: enormous, pre-computed hash values for every possible combination of characters. Instead, passwords are stored as the output of a hash function. At least they shouldn't be, unless you're building the world's most insecure system using the world's most naive programmers. To understand how rainbow tables work, you first have to understand how passwords are stored on computers, whether on your own desktop, or on a remote web server somewhere. No, not the kind of rainbows I have as my desktop background. Why is Ophcrack so fast? Because it uses Rainbow Tables.
The Geekwisdom password strength meter rates it "mediocre". The Microsoft password strength checker rates it "strong". Most people would consider that password fairly secure. How fast? It can crack the password "Fgpyyih804423" in 160 seconds. The multi-platform password cracker Ophcrack is incredibly fast.
0 kommentar(er)
