Robert Lemos, SecurityFocus 2005-11-09
A trio of entrepreneurial hackers hope to do for the business of password cracking what Google did for search and, in the process, may remove the last vestiges of security from many password systems.
Gold at the end of rainbow cracking?
2005-11-09
Anonymous (4 replies)
Re: Gold at the end of rainbow cracking?
2005-11-10
Anonymous (1 replies)
Sorry for my lack of knowledge about "salting" but when the password has to be validated how does the implementation know what random bits to add to the entered password ?...
Re: Re: Gold at the end of rainbow cracking?
2005-11-10
Anonymous (2 replies)
Re: Re: Re: Gold at the end of rainbow cracking?
2005-11-11
Anonymous (2 replies)
But if you have used some sort of exploit to gain access to the password file. What stops you from resolving the hash via the rainbow tables and then removing the salt from the resulting cleartext ?...
No, it's not practical to lookup salted passwords
2005-11-14
Roger
"What stops you from resolving the hash via the rainbow tables and then removing the salt from the resulting cleartext ?"
You can't resolve a salted password in the tables (at least, it's extremely unlikely). The Rainbow Tables aren't a magical device for inverting any hash, they are simply a cle...
Re: Gold at the end of rainbow cracking?
2005-11-11
Roger
Good points. Just a couple of comments:
1. Of course, plain old crypt() hasn't really been the Unix default, at least on Linux, for years. Nearly all systems now use the MD5 version and quite a few now use SHA1. These use 48 bits of salt which isn't quite as dramatic as 64 bits but is already enoug...
Gold at the end of rainbow cracking?
2005-11-10
Anthony LAI, CISSP, CISM (1 replies)
It triggers another thought of mine. For example, here is a school teaching others how to use guns, someone would like to use them in a lawful and proper way but others would like to make an attack. Normally, there are some rules/policies to control such kind of school and even the start of business ...
Gold at the end of rainbow cracking?
2005-11-10
Mike B (3 replies)
I feel like I must be missing something, but aren't the hashes of the passwords usually stored in a protected file, such as /etc/shadow?
Regardless as to whether or not the password is hashed, shouldn't it still be hidden from normal users? Shouldn't it be non-trivial to collect the hashes to su...
Re: Gold at the end of rainbow cracking?
2005-11-10
Pete (3 replies)
My questions are similar to Mike B's ...
How do the RainbowCrack tables help someone who is sitting at a login prompt on either a Unix box or a PC with a Windows OS on it? There must be tools in existence that will lock an account after, say, 10 incorrect login attempts on either of those system...
Re: Re: Gold at the end of rainbow cracking?
2005-11-11
Roger (1 replies)
"How do the RainbowCrack tables help someone who is sitting at a login prompt on either a Unix box or a PC with a Windows OS on it?"
The answer is, not at all. That is not what this attack does; this attack is for determining the actual password after an (unsalted) password hash has been obtained...
Re: Re: Gold at the end of rainbow cracking?
2005-11-11
Anonymous
I believe the issue is to do with defence in depth, and the known proclivities of people to use the same passwords on different systems. (if this isn't the case, I'd be glad to hear!)
So, you break into one system and gain admin rights (bypassing the password system somehow, or using a password ...
Re: Gold at the end of rainbow cracking?
2005-11-11
Roger
This attack is not effective against /etc/shadow, not simply because /etc/shadow is hidden from the attacker (which, as others have pointed out, is a first line of defense only), but because its passwords are salted -- heavily salted, in the case of reasonably modern versions.
Rather the attack ...
Re: Gold at the end of rainbow cracking?
2005-11-14
Anonymous
There are a variety of ways to get the hashes.
Eg.
Lanman network authentication traffic (easier with hubs than switches, but still doable with switches).
Websites that use NTLM authentication and not HTTPS. There will be an "Authorization" head that will provide hashes.
etc.
So yes ...
Gold at the end of rainbow cracking?
2005-11-11
Anonymous (1 replies)
The main idea of it, Mike, I think is leveraging a lower exploit, gaining the information (local passwords) and then further imbedding yourself in the network...
Penetration testers have been doing this for ages with WiFi as the initial attack vector, or an open workstation....
Re: Gold at the end of rainbow cracking?
2005-11-24
Anonymous (1 replies)
Bingo !! 100% rite , the first thing a Haxor does if he has illegally gained access is dump the SAM in txt form, then as this dude says .. imbeds himself in the network,...

Ok - so the default unix variety that adds two characters isn't a particularly great enhancement, but by adding an extra 64 bits (or more...