Date: Sat, 9 Sep 2006 16:57:20 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Using a pre-computed list of alphanumeric strings. (not rainbow tables) On Mon, Aug 28, 2006 at 05:50:46PM -0400, John wrote: > Before someone answers this message, yes I do understand what a salted hash > is, and why running a rainbow table on such a hash would be > ineffective... Actually, it could work for small salt sizes - but you would need many sets of smaller rainbow tables - e.g., 4096 for the traditional crypt(3). > if I have a pre-computed hash table with hashes of every > alphanumeric combination up to say, 14 chars long, As others have pointed out, you're not going to have it. You can have one for 7-character LM hash halves, though. However, even if you're smart enough to store partial hashes or to index by partial hashes and store plaintext password deltas, you're not going to save more than a few hours of CPU time per hard drive - for a reasonable modern system - and less than that when cracking large numbers of hashes. Rainbow tables are a lot more efficient than that; their only downside is that they don't provide a guarantee (but rather a very high chance) that every alphanumeric (or whatever) password will be cracked. > why couldn't something like this be used in place of a word list? It could, but saltless hashes tend to be so fast that this doesn't make sense. The traditional crypt(3) is slower, but you'd have to store 4096 times more data (yet this was implemented in QCrack in 1995). -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ