Hak5 Community Rainbow Tables: NTLM vs. MD5 Final Vote


silivrenion

Which algorithm table should be pursued next?  

80 members have voted

    • NTLM: 35
    • MD5: 5


This is the official poll to decide between NTLM or MD5 for the next generation project for the Rainbow Tables group. If you aren't familiar with the rainbow tables group, visit http://www.hak5.org/wiki/index.php?title=C..._Rainbow_Tables

Why is your vote important? Because these tables are created for the community that wants to use them, you!

NTLM

Used in Windows Vista and advanced Windows XP Hashes.

Easily accessible from Windows due to SAM/Storage security flaws.

Affects a larger percentage of the public.

MD5

Used in online systems, forums, SQL, etc.

Hashes are harder to get.

Smaller applicable userbase.

Please cast your vote. This poll expires on Jan 20, 2007.

Link to comment
Share on other sites

NTLM to what complexity? The tables for 255 characters with all possibilities are a bit of an undertaking.

Can we get some charts and graphs before we decide?

Personally my login password is 21 characters long including both case alpha, numeric, and $pecials.

Then again, I'm paranoid.

Link to comment
Share on other sites

AFAIK NTLM is much harder to do than LM. If you're able to do lowercase 1-6 a-z you should be happy.

One problem is that most NTLM passwords are longer than 14 characters. If your password is shorter it's stored as an LM-hash (if you haven't specifically disabled that).

So most likely if you see no LM-hash the password is longer than 14 characters. Which pretty much makes rainbow tables useless... Just look at sites like plain-text.info, their NTLM crack-ratio is very very low.

Link to comment
Share on other sites

NTLM for sure, a few months ago I was skeptical about NTLM, but since Vista seems to use it still without a salt then it seems like we will be able to use these tables for a good amount of time.
That's true. It might be a good investment for the future. And then that whole less-than-14-characters issue isn't relevant.
Link to comment
Share on other sites

From what I understand, the NTLM hash is always stored. The LM hash is only stored for backwards compatibility, and can be disabled as others have said. LM hashes do not conserve case (but NTLM does), so if the authorization procedure is coded properly (to check against NTLM whenever possible, and ignore the LM hash) you still do not know which case the letters need to be in for the login to be successful, after cracking the LM hash.

As for size of tables and so on, this depends on what kind of performance you want. Here's a quick run-down of what the variables are:

* Chain length: Increase this, and you will cover more passwords in the same amount of disk space. However, this makes the tables slower to operate on.

* Chain count: Increasing this will make each table in the set larger, but will require fewer tables to achieve the same coverage. Experimentation shows that fewer but bigger individual tables (same total size) should be faster to operate on: http://img65.imageshack.us/img65/7299/tablespeedri7.png (note the Max cryptanalysis time at the bottom)

* Number of tables: Increasing this raises the amount of passwords in the specified range that will be covered by the table set, and also increases the total size.

* Min/Max password length: Fairly obvious, increasing the max length rapidly increases the amount of storage needed AND/OR the complexity of the tables (see chain length).

* Character set: Defines which characters will make up the passwords you pre-compute. Adding characters increases the amount of disk space needed AND/OR the table complexity. If a password contains a character outside those in your defined character set, the hash of that password will not be in the tables.

Selecting the values to use is all about knowing your priorities (speed? coverage? size?), and balancing them. Both NTLM and MD5 are 16 byte hashes, so the values selected for one of them can be used for the other one to make an equivalent table set with the other algorithm with the same resulting disk size and so on. The screenshot above uses both upper- and lowercase alpha, digits, space, and 14 symbol characters in its character set, however these are not all the ones that can be produced, even on an English keyboard. Including 32 symbols rather than just 14 immediately makes it harder to achieve the same coverage without annoying losses in either search time, disk space, or both ( http://img441.imageshack.us/img441/7327/tablespeed2cx8.png ). Again, this is all about priorities.

Link to comment
Share on other sites
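The trade-off between the variables listed in the post above can be put into numbers. The following is an added example, not part of the original thread or of any table-generation tool; it uses the standard coverage estimate from Oechslin's rainbow-table paper, and the chain length, chain count, table count and the 16-bytes-per-chain figure are constructed assumptions.

```python
import math

def keyspace(charset_size, min_len, max_len):
    """Count candidate passwords with lengths min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def table_coverage(n, chain_len, chain_count):
    """Expected fraction of an n-password keyspace covered by one table."""
    m = float(chain_count)
    miss = 1.0
    for _ in range(chain_len):
        miss *= 1.0 - min(m / n, 1.0)
        # Merging chains shrink the number of distinct values per column.
        m = n * (1.0 - math.exp(-m / n))
    return 1.0 - miss

def set_coverage(n, chain_len, chain_count, tables):
    """Coverage of several independently generated tables."""
    single = table_coverage(n, chain_len, chain_count)
    return 1.0 - (1.0 - single) ** tables

def set_size_bytes(chain_count, tables, bytes_per_chain=16):
    """Disk size; 16 bytes per chain is an assumption (two 64-bit indices)."""
    return chain_count * tables * bytes_per_chain

def compare_charsets(max_len=7, chain_len=10_000, chain_count=40_000_000, tables=5):
    """Constructed parameters: same table set, 77- vs 95-character set."""
    out = {}
    for name, size in (("alpha+digits+space+14 symbols", 77),
                       ("alpha+digits+space+32 symbols", 95)):
        n = keyspace(size, 1, max_len)
        out[name] = (n, set_coverage(n, chain_len, chain_count, tables))
    return out

if __name__ == "__main__":
    for name, (n, cov) in compare_charsets().items():
        print(f"{name}: keyspace={n:.3e} coverage={cov:.1%}")
    print(f"set size: {set_size_bytes(40_000_000, 5) / 2**30:.2f} GiB")
```

With disk size held constant, the 95-character set covers a much smaller share of its keyspace than the 77-character set, and any password longer than `max_len` or containing a character outside the set is not covered at all.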
