USBHacker Posted August 27, 2008 Posted August 27, 2008 Hello Used wireshark to sniff some passwords, and have been told that I'll need to decrypt them, and the best way to do that will be by using Rainbow Tables. Do I use the same rainbow tables I use for cracking windows passwords? (eg ones that I generated using Winrtgen) Please reply, as I've never done this before! Thanks in advance, USBHacker Quote
Sparda Posted August 27, 2008 Posted August 27, 2008 Hello Used wireshark to sniff some passwords, and have been told that I'll need to decrypt them, and the best way to do that will be by using Rainbow Tables. Do I use the same rainbow tables I use for cracking windows passwords? (eg ones that I generated using Winrtgen) Please reply, as I've never done this before! Thanks in advance, USBHacker The best way might not be a rainbow table. What are the passwords for? The AES rainbow table is completely defeated with the use of even a simple salt (the current some or some thing stupid). Quote
USBHacker Posted August 27, 2008 Author Posted August 27, 2008 The passwords are ones that I sniffed using wireshark. All I know is what the little blue firefox favicon feature told me: AES-256 256-bit Might as well try decrypting it with rainbow tables... so can you please tell me how I can go about decrypting it? And what to look for in wireshark so that I know which is the hash to decrypt? Please reply Thanks in advance, Panarchy Quote
Sparda Posted August 27, 2008 Posted August 27, 2008 All I know is what the little blue firefox favicon feature told me: AES-256 256-bit The SSL session key to your browser? A rainbow table won't work on a AES key, well, it will, but you need a 3.06499108 × 10^54 Yottabyte rainbow table (if my Google is correct). Quote
USBHacker Posted August 27, 2008 Author Posted August 27, 2008 ^Shite, that's a lot of bytes! So can you please tell me what I can do to 'break' the SSL AES 256-bit encryption so I can read the password? Thanks in advance, USBHacker Quote
sablefoxx Posted August 28, 2008 Posted August 28, 2008 Yes that is true, you cannot use Rainbow Tables on AES, you see AES encryption isn't a pussy like LM hashes, its really bullet-proof crypto (used by the U.S. government for documents up to 'top secret') you can also forget trying to brute force AES. In order to break the crypto you'll need more info then just the encrypted data, you'll never (or at least in this millennium) be able to decrypt it alone (with today's technology). So can you please tell me what I can do to 'break' the SSL AES 256-bit encryption so I can read the password? The short answer is you cannot. You'll need to use alternate methods, like a MiTM where you remove SSL links on pages going to the victim, which is only effective because no one ever looks to see if their shit is encrypted (with the exception of most people reading this). Do I use the same rainbow tables I use for cracking windows passwords? No, windows passwords are usually encrypted into LM or NTLM hashes, AES is a completely different type of cryptography. This would be like trying to decipher a message written in French with a Japanese dictionary. 3.06499108 × 10^54 Yottabyte rainbow table Note this is larger then the entire internet, and that AES isn't considered strong encryption, only strong enough. There are much stronger encryption ciphers out like two-fish, if you ever run into it, good luck breaking it! You could also just try asking him for the password... More Resources on AES: Design of the Cipher Goverment Paper on the Advanced Encryption Standard (AES) Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.