April 17, 2014, 07:02:30 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Fudzilla Forum is open
   Home   Help Search Login Register  
Pages: [1]   Go Down
Author Topic: XP passwords cracked in 5.3 seconds  (Read 3452 times)
Posts: 17

View Profile
« on: March 15, 2010, 12:42:13 PM »

I don't really expect anyone at fudzilla to be a security expert, but on behalf of hackers worldwide:

XP 14 digit or less LM hashes are well known to be very weak. 5.3 seconds is a very believable time to crack one, using a rainbow table regardless of hard drive. If you have a decent SAN to run it on, I'm sure it's very fast there too.

Rainbow tables require many months of pre-computation, typically done on large clusters. You generate every hash from a set of characters (e.g. the set of all lower case letters) and chain them together. When you look one up, you compute to the end result, work out which it is in then start again from the start of that one until you find the correct hash for the password. This in itself is a time-memory tradeoff, as direct lookup tables would be huge. You optimise for hard drive speed and size vs cpu speed.

The reason the NVIDIA solution is still much, much faster than this (even though the article claims it is 500 times slower) is that it does not require months of pre-computation, or downloading and extracting a 50gb database, etc. It does it all there and then. 45 minutes (5.3 seconds * 500 - although I have actually seen this done in a matter of minutes, so I think they are not giving a fair comparison anyway) is much faster than months of computation or days/weeks of downloading an existing database. Particularly when you only want to do a few passwords at a time.

There are websites that you can just send the hash to and they queue you up and return a password result quite quickly anyway.
« Last Edit: March 15, 2010, 12:44:10 PM by ghell » Logged
Pages: [1]   Go Up
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!