Rainbow Tables End Of Password Cracking As We Know It 2008-09-05

How some password cracking has become obsolete due to advancements in time/space requirements. Original broadcast date: 2008-09-05

Transcript of "Rainbow Tables End Of Password Cracking As We Know It 2008-09-05"

  1. Rainbow Tables
       • The end of password cracking as we know it
  2. Agenda
     • Theory of password security & why it doesn't apply anymore
     • Demo: Cracking Windows LM Hashes
     • Questions & Answers
  3. Theory of password security
     • Concept: Takes too many resources to crack to be useful
       • Complex enough to make it unfeasible to crack
       • Precomputed passwords require too much storage
  4. Doesn't work so well anymore
     • Faster and faster CPUs
     • Cheap storage
     • High bandwidth network connections
  5. “Cracking” Windows passwords using rainbow tables
     • LM Hashes
       • Maximum 14 characters long
       • Broken up into two 7-character UPPER CASE strings
       • Lacks salt
  6. Why are salts so important?
     • Without a salt the same password will always result in the same hash
     • Salts, if unique, add additional bits to the mix that require cracking
       • Often making rainbow tables unfeasible
  7. Demo
       • Cracking a Windows LM Hash
       • using rainbow tables
  8. Current state of rainbow tables
     • LM Hash completely broken (more or less)
     • MD5 rainbow tables are starting to appear
     • SHA1 / SHA128 / SHA256 rainbow tables are being worked upon
  9. The Future
     • Salt your hashes
     • Move away from passwords as an authentication token
  10. Questions & Answers
  11. Thank You!
       • Slides and recorded version of the presentation will be available at http://michaelboman.org
       • Contact me @ michaelboman.org if you have feedback, suggestions or comments
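
The points on slides 5 and 6, as an added example that is not part of the original presentation: a table precomputed once matches every unsalted hash, while unique per-account salts make the same table useless. Assumptions: SHA-256 and PBKDF2 stand in for the LM hash, a plain dictionary stands in for a real rainbow table, the account names and passwords are constructed, and the 26-letter charset in the usage line is illustrative.

```python
import hashlib
import os

# Constructed sample data: candidate passwords and accounts are made up.
CANDIDATES = ["PASSWORD", "LETMEIN", "SUMMER08", "QWERTY"]
ACCOUNTS = {"alice": "LETMEIN", "bob": "LETMEIN", "carol": "SUMMER08"}

def unsalted(password: str) -> str:
    """Unsalted digest: the same password always gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password: str, salt: bytes) -> str:
    """Per-account salt mixed in through PBKDF2 (a slow, salted KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def precompute(candidates):
    """Stand-in for a precomputed table: hash -> password, built once."""
    return {unsalted(p): p for p in candidates}

def recovered(table, stored_hashes):
    """Accounts whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}

def audit():
    """Compare an unsalted and a salted credential store against one table."""
    table = precompute(CANDIDATES)
    weak_db = {u: unsalted(p) for u, p in ACCOUNTS.items()}
    salts = {u: os.urandom(16) for u in ACCOUNTS}  # unique salt per account
    strong_db = {u: salted(p, salts[u]) for u, p in ACCOUNTS.items()}
    return {
        "unsalted_hits": recovered(table, weak_db),
        "salted_hits": recovered(table, strong_db),
        "unsalted_same_hash": weak_db["alice"] == weak_db["bob"],
        "salted_same_hash": strong_db["alice"] == strong_db["bob"],
    }

def lm_keyspace(charset: int):
    """Candidates for one 14-char string vs. two independent 7-char halves."""
    return charset ** 14, 2 * charset ** 7

if __name__ == "__main__":
    print(audit())
    print(lm_keyspace(26))  # 26 upper-case letters: an assumed charset size
```

The second function shows why the 7-character split on slide 5 matters: the work to cover both halves is twice the 7-character keyspace, not the 14-character one.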