Rainbow Tables End Of Password Cracking As We Know It 2008-09-05

Rainbow Tables

The end of password cracking as we know it

Agenda

Theory of password security & why it doesn't apply anymore

Demo: Cracking Windows LM Hashes

Questions & Answers

Theory of password security

Concept: Cracking should take too many resources to be useful

Complex enough to make it infeasible to crack

Precomputed passwords require too much storage

Doesn't work so well anymore

Faster and faster CPUs

Cheap storage

High bandwidth network connections

Cracking Windows passwords using rainbow tables

LM Hashes

Maximum 14 characters long

Broken up into two 7-character UPPER CASE strings

Lacks salt

Why are salts so important?

Without a salt the same password will always result in the same hash

Salts, if unique, add additional bits to the mix that require cracking

Often making rainbow tables infeasible
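
The salt property above, as an added example that is not part of the original presentation: an unsalted store gives identical digests for identical passwords, while a per-user random salt makes every stored record unique. The account names and passwords are constructed, and the use of PBKDF2-HMAC-SHA256 is this example's assumption; the slides only say to salt.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; names and passwords are made up for this example.
ACCOUNTS = [("alice", "Summer2008"), ("bob", "Summer2008"), ("carol", "tr0ub4dor")]

def unsalted_record(password):
    """Unsalted digest: the password is the only input, so output is fixed."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, salt=None, iterations=100_000):
    """Per-user random salt plus a slow KDF; the salt is stored with the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)

def shared_hashes(store):
    """Group users by stored digest; a group larger than one means the
    store itself reveals that those users chose the same password."""
    groups = defaultdict(list)
    for user, digest in store.items():
        groups[digest].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def build_stores():
    """Build both kinds of store from the same constructed accounts."""
    unsalted = {u: unsalted_record(p) for u, p in ACCOUNTS}
    salted = {u: salted_record(p) for u, p in ACCOUNTS}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_stores()
    print("unsalted duplicates:", shared_hashes(unsalted))
    print("salted duplicates:  ", shared_hashes({u: r[2] for u, r in salted.items()}))
    print("alice verifies:", verify("Summer2008", salted["alice"]))
```

Because each salted digest depends on a value unique to the account, a table precomputed from passwords alone has nothing to match against.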

Demo

Cracking a Windows LM Hash

using rainbow tables

Current state of rainbow tables

LM Hash completely broken (more or less)

MD5 rainbow tables are starting to appear

SHA1 / SHA128 / SHA256 rainbow tables are being worked upon

The Future

Salt your hashes

Move away from passwords as an authentication token

Questions & Answers

Thank You!

Slides and recorded version of the presentation will be available at http://michaelboman.org

Contact me @ michaelboman.org if you have feedback, suggestions or comments

Copyright 2008 Michael Boman http://michaelboman.org