Jump to content

Some questions about Rainbow Tables


Mr Wolf

Recommended Posts

First of all, thanks to all who make this possible! I'd like to collaborate!

So, I downloaded these LM Rainbow tables:

hxxp: www. freerainbowtables. com/rainbow_tables/lm. html

through Bittorrent (38. 8 GB compressed, it took me about 2 weeks!)

and I used them with Cain, successfully finding my password (and no! I'm not gonna tell you what it is!) and other ones (EH!EH!EH!).

Not compressed, they are 66 GB.

Then, I discovered Hak5 Rainbow tables:

hxxp: www. torrentbox. com/torrent_details?id=101385

hxxp: www. torrentbox. com/torrent_details?id=82125

First of all, can anyone tell me what's the difference among the two? Reading the "Technical Details" I couldn't find any difference, in what way ver2 is better?

Then, the essential question: why 120 GB, while the ones I downloaded are 66 GB? (Not considering the charsets are a bit different, if I'm not wrong, in the ones I downloaded there's the symbol € more).

Ok, I read here:

hxxp: wiki. hak5. org/wiki/Community_Rainbow_Tables

among the FAQs that larger=faster, but is it that all?

I read something about the theory behind Rainbow Tables, and there are some things that are not clear to me.

What I can't understand is: smaller Rainbow Tables can crack exactly the same passwords of the larger ones? They are just slower?

With the 66 GB Rainbow Tables I downloaded, it takes me about 1 hour to crack passwords (on a Pentium M 2 GHz), can anyone tell me more or less how much this time would be improved with 120 GB Rainbow Tables?

Here is an image:

width=1400 height=1050http://img153.imageshack.us/img153/464/immaginecu8.jpg[/img]

Actually, I read that with some Tables it takes only a few minutes to find password, and for example here:

hxxp: ophcrack. sourceforge. net/faq. php

the inventor of Rainbow Tables says that Rainbowcrack Rainbow tables "are neither optimized nor fast"

And the Rainbow Tables he sells here:

http://www.objectif-securite.ch/en/products.php

WS-20k, should be about 10 GB.

Any explanation will be useful, thanks!

Link to comment
Share on other sites

the bigger the tables, the more likely hood of the tables being successful on cracking a harder password, imaging the tables as a list of passwords, the bigger the list, the greater chance of the one ur looking for being in it.

Link to comment
Share on other sites

the bigger the tables, the more likely hood of the tables being successful on cracking a harder password, imaging the tables as a list of passwords, the bigger the list, the greater chance of the one ur looking for being in it.

umm duh. so yeah thats pretty much the best explanation that can be

given on the different sizes, the larger the char set = the larger the tables =

the more GBs it will take = the greater chances of you cracking the password

since its not ACTUALLY "cracking" the password pursai, its just looking up the

hashs' cooresponding plain-text version and then displaying it to you, so to help

you better understand a good synonym for rainbow table would be reference table

because thats all it really is, a table to refer what all the hashes equal.

I hope this clears up your understanding of the differences and the sizes, just post

if you have anymore questions.

Link to comment
Share on other sites

First of all, thanks for your answers!

So you say, the bigger are the tables, the more they contain hashes of the passwords?

I don't know, I think the question is more complex. For example, read here:

https://www.isc2.org/cgi-bin/content.cgi?page=738

where it talks about chains

Then, he says:

"if you double the size of the tables, you can crack four times as fast."

Link to comment
Share on other sites

"if you double the size of the tables, you can crack four times as fast."

That simply is not true.

I would say, if you double the size of the table, you double the time it takes to search threw them, but you increase the chance that the hash for the password you want is in the table by a calculable amount. Doubling the size of the table does not necessarily double the chance that the password you are cracking is in the table, though it will always increase.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...