Jump to content

256-bit AES Rainbow Tables - Where do I find them?


Recommended Posts

Posted

Hello

Used wireshark to sniff some passwords, and have been told that I'll need to decrypt them, and the best way to do that will be by using Rainbow Tables.

Do I use the same rainbow tables I use for cracking windows passwords? (eg ones that I generated using Winrtgen)

Please reply, as I've never done this before!

Thanks in advance,

USBHacker

Posted
Hello

Used wireshark to sniff some passwords, and have been told that I'll need to decrypt them, and the best way to do that will be by using Rainbow Tables.

Do I use the same rainbow tables I use for cracking windows passwords? (eg ones that I generated using Winrtgen)

Please reply, as I've never done this before!

Thanks in advance,

USBHacker

The best way might not be a rainbow table. What are the passwords for?

The AES rainbow table is completely defeated with the use of even a simple salt (the current some or some thing stupid).

Posted

The passwords are ones that I sniffed using wireshark.

All I know is what the little blue firefox favicon feature told me: AES-256 256-bit

Might as well try decrypting it with rainbow tables... so can you please tell me how I can go about decrypting it?

And what to look for in wireshark so that I know which is the hash to decrypt?

Please reply

Thanks in advance,

Panarchy

Posted
All I know is what the little blue firefox favicon feature told me: AES-256 256-bit

The SSL session key to your browser?

A rainbow table won't work on a AES key, well, it will, but you need a 3.06499108 × 10^54 Yottabyte rainbow table (if my Google is correct).

Posted

^Shite, that's a lot of bytes!

:lol:

So can you please tell me what I can do to 'break' the SSL AES 256-bit encryption so I can read the password?

Thanks in advance,

USBHacker

Posted

Yes that is true, you cannot use Rainbow Tables on AES, you see AES encryption isn't a pussy like LM hashes, its really bullet-proof crypto (used by the U.S. government for documents up to 'top secret') you can also forget trying to brute force AES. In order to break the crypto you'll need more info then just the encrypted data, you'll never (or at least in this millennium) be able to decrypt it alone (with today's technology).

So can you please tell me what I can do to 'break' the SSL AES 256-bit encryption so I can read the password?

The short answer is you cannot. You'll need to use alternate methods, like a MiTM where you remove SSL links on pages going to the victim, which is only effective because no one ever looks to see if their shit is encrypted (with the exception of most people reading this).

Do I use the same rainbow tables I use for cracking windows passwords?

No, windows passwords are usually encrypted into LM or NTLM hashes, AES is a completely different type of cryptography. This would be like trying to decipher a message written in French with a Japanese dictionary.

3.06499108 × 10^54 Yottabyte rainbow table

Note this is larger then the entire internet, and that AES isn't considered strong encryption, only strong enough. There are much stronger encryption ciphers out like two-fish, if you ever run into it, good luck breaking it!

You could also just try asking him for the password...

More Resources on AES:

Design of the Cipher

Goverment Paper on the Advanced Encryption Standard (AES)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...