That was too cool! Thanks for sharing it with all of us.

Slimjim100

Digg this video:

http://www.digg.com/security/Video_All_You_Ever_Wanted_to_Know_About_PW_Cracking_and_Rainbow_Tables

Don

Good video, however it would have been much more realistic if you at least included one decent strength password (time lapse it, or highlight the cracking time or whatever).

It was a very illustrative video to show someone the steps however it should also point out the fact that cracking a good password could take days or be impossible. PenTesters would love if all PW crack attempts only took minutes or hours and gave them something to show their clients however that's not really realistic. If you're PenTesting for a client that doesn't have a decent password policy then there's a lot of work they need on sec management, policy and governance before jumping into technical evaluation(s) of their apps, systems, or infrastructure.

I did notice a few numbers but I didn't notice much mixed case or non-alpha num characters (!@#$%^*, etc).... though I guess that would require a much much larger set of tables.

However, your point about it not taking days is well received. I went hunting after your reply a noticed that passwords of a strength which I'd feel confident suggesting to a client still fell in <20min (based on the example at the bottom of the rainbowcrack.com main page).