Rainbow Tables
The end of password cracking as we know it
Agenda
Theory of password security & why it doesn't apply anymore
Demo: Cracking Windows LM Hashes
Questions & Answers
Theory of password security
Concept: Cracking takes too many resources to be useful
Complex enough to make it unfeasible to crack
Precomputed passwords require too much storage
Doesn't work so well anymore
Faster and faster CPUs
Cheap storage
High bandwidth network connections
Cracking Windows passwords using rainbow tables
LM Hashes
Maximum 14 characters long
Broken up into two 7-character UPPER CASE strings
Lacks salt
Why are salts so important?
Without a salt the same password will always result in the same hash
Salts, if unique, add additional bits to the mix that require cracking
Often making rainbow tables unfeasible
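Added example (not from the original slides): the effect of a salt from the defender's side. A plain hash-to-password dictionary stands in for a rainbow table, which is a space-saving form of the same precomputation. The candidate list, the choice of PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: passwords someone has hashed in advance, once.
CANDIDATES = ["password", "letmein", "Summer2008", "qwerty"]
ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password):
    """Unsalted fast hash: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


# Precomputed digest -> password table, reusable against any unsalted store.
PRECOMPUTED = {unsalted_hash(p): p for p in CANDIDATES}


def salted_hash(password, salt=None):
    """Return (salt, digest) using a per-user random salt and a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)


def audit(stored_hex_digests):
    """Return the stored digests that the precomputed table reverses."""
    return {d: PRECOMPUTED[d] for d in stored_hex_digests if d in PRECOMPUTED}


if __name__ == "__main__":
    # Two constructed users who picked the same password.
    unsalted = [unsalted_hash("letmein"), unsalted_hash("letmein")]
    salted = [salted_hash("letmein"), salted_hash("letmein")]
    print("unsalted digests equal:", unsalted[0] == unsalted[1])
    print("table hits, unsalted:", audit(unsalted))
    print("salted digests equal:", salted[0][1] == salted[1][1])
    print("table hits, salted:", audit(d.hex() for _, d in salted))
    print("login still verifies:", verify("letmein", *salted[0]))
```

Running `audit` over an export of stored digests is a quick check for whether a credential store is still exposed to precomputed tables.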
Demo
Cracking a Windows LM Hash
using rainbow tables
Current state of rainbow tables
LM Hash completely broken (more or less)
MD5 rainbow tables are starting to appear
SHA1 / SHA128 / SHA256 rainbow tables are being worked upon
The Future
Salt your hashes
Move away from passwords as an authentication token
Questions & Answers
Thank You!
Slides and recorded version of the presentation will be available at http://michaelboman.org
Contact me @ michaelboman.org if you have feedback, suggestions or comments
Copyright 2008 Michael Boman http://michaelboman.org