D&C GLug - Home Page


Re: [LUG] The power of the rainbow ...

 

On Fri, 12 Mar 2010, Simon Waters wrote:

Gordon Henderson wrote:

and it gave me the password in about 2 seconds flat.

So that about wraps it up for Windows passwords.

But if this attack is only 100 times faster you've only gone from
minutes to seconds. If it only took minutes before, it wasn't exactly secure.

I think their use of SSD technology to store and give high-speed access to the database was interesting - however it means that cracking an entire server's worth of passwords is feasible - in seconds to minutes rather than hours now.

I don't actually know how the password-file is stored on a Win server though, but for a Samba server it's there and fairly easy to get.

I was somewhat surprised when it cracked a 14-character random password I used to test it with - in about 2 seconds!

The "salt" in our unixy passwords is going to keep them safe from rainbow table cracking - for a short while anyway!

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
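
The point about salt in the message above, as an added example that is not part of the original post: a table precomputed once matches every unsalted hash of a covered password, but matches nothing once each account's hash is mixed with its own random salt. Assumptions: a plain lookup dict stands in for a rainbow table (same precompute-once idea, without the chain compression), SHA-256 stands in for the unsalted hash, the candidate list is constructed, and the function names and PBKDF2 iteration count are illustrative.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for what a precomputed table covers.
CANDIDATES = ["password", "letmein", "Summer2010", "qwerty123"]

def unsalted(pw: str) -> bytes:
    # Stand-in for any unsalted password hash (SHA-256 is an assumption).
    return hashlib.sha256(pw.encode()).digest()

def salted(pw: str, salt: bytes) -> bytes:
    # Per-account salt plus a deliberately slow KDF (illustrative count).
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def build_table(candidates):
    # Computed once, then reusable against every unsalted hash database.
    return {unsalted(pw): pw for pw in candidates}

def verify(pw: str, salt: bytes, stored: bytes) -> bool:
    # Legitimate login check: recompute with the stored salt, compare safely.
    return hmac.compare_digest(salted(pw, salt), stored)

def demo():
    table = build_table(CANDIDATES)
    pw = "Summer2010"  # two accounts happen to share this password
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    stored_a, stored_b = salted(pw, salt_a), salted(pw, salt_b)
    return {
        # Unsalted: one table lookup recovers the password.
        "unsalted_lookup": table.get(unsalted(pw)),
        # Unsalted: identical passwords are visible as identical hashes.
        "unsalted_same": unsalted(pw) == unsalted(pw),
        # Salted: the precomputed table has no entry for either account.
        "salted_lookup": (table.get(stored_a), table.get(stored_b)),
        # Salted: the same password stores differently per account.
        "salted_same": stored_a == stored_b,
        # The real user can still log in.
        "login_ok": verify(pw, salt_a, stored_a),
        "login_bad": verify("letmein", salt_a, stored_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt does not make a single guess slower; it forces the precomputation to be repeated per account, which is why the slow KDF is paired with it here.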