Chris has done what amounts to an academic paper on rainbow tables. This impressive article has to be one of the most definitive works on the subject. I hope the readers appreciate the kind of work it takes to bring you this type of content.

Hats off Chris!

Tutorial: Rainbow Tables and RainbowCrack

Don

I've mentioned this in another post, but it's worth mentioning here. Ophcrack has a live, bootable CD:


Don

PS - Help get Chris' awesome work noticed by digging this story.

Way to go Chris, this just made frontpage digg.com

Very nice write up! I am one of the founders of www.plain-text.info and I still feel people do not listen to the fact weak passwords is negligence. I do want to add one thing. You explained how NTLM is better and LM (true) and that users should migrate over to NTLM. I agree it's the right way to go but remember to that LM is still around because networks and domains still have Windows 9X & NT PC's on there domains. If you force you domain/LAN to only NTLM you will push out all the older M$ PC's. Anyway nice paper and good luck on you keeping the Trojans out. I just opened a new web site (www.anti-hacker.info) and I get all kinds of kiddies hitting it.

Slimjim100

www.anti-hacker.info

last night I thought I'd try to create some rainbow tables.  I followed Chris' tutorial and the one on http://www.antsight.com/zsl/rainbowcrack/rcracktutorial.htm. 

I didn't see that I should have done "rtgen lm alpha 1 7 0 2100 8000000 all" for my first table, so I did "rtgen lm alpha 1 7 1 2100 8000000 all".  This finished in a few hours and the description I saw for it was:
rtgen lm alpha 1 7 2 2100 8000000 all
hash routine: lm
hash length: 8
plain charset: ABCDEFGHIJKLMNOPQRSTUVWXYZ
plain charset in hex: 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 5
4 55 56 57 58 59 5a
plain length range: 1 - 7
plain charset name: alpha
plain space total: 8353082582
rainbow table index: 1

I then proceeded to "rtgen lm alpha 1 7 2 2100 8000000 all" and the info I saw for this was:
hash routine: lm
hash length: 8
plain charset: ABCDEFGHIJKLMNOPQRSTUVWXYZ
plain charset in hex: 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 5
4 55 56 57 58 59 5a
plain length range: 1 - 7
plain charset name: alpha
plain space total: 8353082582
rainbow table index: 2

These both look quite identical to me.  I thought they would have different plain charsets or am I missing something?

lm alpha 1 7 0 2100 8000000 all is being generated right now...

Thanks.

I see that I can either generate my own rainbow tables with the help of the Tutorial on this site or I could download the SSTIC04-10k rainbow table.

What do you guys prefer?  Any benefits to doing it either way?  I just finished generating and sorting my 5 rainbow tables.

I made my own back when rainbowcrack was released but I went out and did the team method. If you can find a small group of others that want to help you can just make the scripts and assign them out. My little team was called "Midga.org" (note the domain is now a friends mudding site) but after getting up and running we merged with another group and made plain-text.info and at last count I think we are up to about 2+ terabytes of tables. I would not recommend buying rainbow tables as half the fun is customizing them to fit your needs. I have 250 gig of tables on an external hard drive I keep with me for offline cracking and when I need more power I then move to web based tables.

Slimjim100

Found it!  http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

Thanks.