[geeks] Commercial Password crackers
Ido Dubrawsky
idubraws at dubrawsky.org
Mon Mar 20 09:46:49 CST 2006
On Mon, Mar 20, 2006 at 09:31:26AM -0600, geeks-request at sunhelp.org wrote:
> Date: Mon, 20 Mar 2006 10:31:22 -0500
> From: velociraptor <velociraptor at gmail.com>
> Subject: Re: [geeks] Commercial Password crackers
> To: "The Geeks List" <geeks at sunhelp.org>
> Message-ID:
> <b9ce685f0603200731h7993a7c9v9c4975106ff735e0 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Is there anything for *nices that uses the same type of "rainbow
> files" that the Windows password crackers use? They seem to me to
> make more sense than dictionary files.
>
> =Nadine=
>
Not that I've heard of. The key feature is that UNIX uses a SALT to help
randomize the password hash generation. The Windows LANMAN hash has no such
feature so there are a finite number (albeit rather large) of hashes possible
in Windows LANMAN passwords. Remember, we're talking about LANMAN (i.e. the
old, backward compatible friendly password scheme used by Windows). If you
disable LANMAN hashes on your Windows domain and go strictly with the Windows
NT password (which is the password hashed with the MD4 algorithm) then you're
in as good a shape as UNIX passwords using the old crypt() function.
It would be nice to have rainbow tables for UNIX passwords but with the use
of SALTs to help randomize the hash generation even more it becomes impractical.
Ido
--
===============================================================================
Ido Dubrawsky, CISSP E-mail: ido at dubrawsky.org
Network Security Architect idubraws at siliconsec.com
dubrawsky.org
500 Hermleigh Rd
Silver Spring, MD. 20902
(301) 651-5441 (cell)
===============================================================================
More information about the geeks
mailing list