.

Rainbow Tables/Crack whitepaper

<<

LSOChris

Post Sat Jul 29, 2006 4:24 pm

Rainbow Tables/Crack whitepaper

all, you can read my Rainbow Tables/ Rainbow Crack whitepaper here:
http://www.windowsecurity.com/whitepapers/Rainbow_Tables__RainbowCrack_Introduction1614.html

comments always welcome.
<<

Hug_It

Newbie
Newbie

Posts: 28

Joined: Thu Feb 23, 2006 4:21 pm

Post Sun Jul 30, 2006 10:17 am

Re: Rainbow Tables/Crack whitepaper

Great job on that paper Chris. Explains it in a very readable manner that a user could understand and still comprehensive enough for an experience security pro to get something out of it.

About the only criticism that I could think of is more of just opinion than a problem with the paper. NTLM tables are becoming easily available for anyone that really wants them and I'm somewhat paranoid so I take the stance that passwords just aren't a secure way to authenticate. Two part authentication is really the only way to protect yourself. You address this by stating all but the most determined attacker but I think the addition of two part authentication to the mitigation portion would complete this fine work.

Kudos!
CISSP
<<

LSOChris

Post Sun Jul 30, 2006 10:47 am

Re: Rainbow Tables/Crack whitepaper

thanks for the good comments and god points, i can add that to the revsion, especially since two-multifactor authentication is getting affordable for the home user.

thanks!
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Jul 30, 2006 11:36 am

Re: Rainbow Tables/Crack whitepaper

Well done.

Let me know if you'd be intersted in having us post some of your articles, especially any new ones. We're always looking for good content, and this seems to fit the bill. Keep us posted on a revision to this article. Maybe v2 will have a home at EH-Net?

All the best,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Sun Aug 13, 2006 10:34 pm

Re: Rainbow Tables/Crack whitepaper

Hug_IT

thanks, i have updated the paper to include multifactor authentication and a few other things like more on ALT characters.  I appreciate the feedback.
<<

Hug_It

Newbie
Newbie

Posts: 28

Joined: Thu Feb 23, 2006 4:21 pm

Post Mon Aug 14, 2006 9:26 am

Re: Rainbow Tables/Crack whitepaper

No problem. It actually spurred some more research for me actually which is very timely being I'm rolling out EFS. The biggest weakness being authentication.

It seems after spending hours and hours reading and testing that NTLMv2 passwords over 14 characters seem pretty strong even with a minimum of complexity. I've read it before but never really taken the time to try and crack something that long. Beyond my technical ability for sure but that may only be for a short time. Still going to stick with two factor though. I think if you get into passwords that long you are almost forcing your users to put it on a sticky note. Of course they'll probably just leave their smartcards in their laptops all the time anyway.  ::)
CISSP
<<

LSOChris

Post Mon Aug 14, 2006 4:34 pm

Re: Rainbow Tables/Crack whitepaper

i can tell you for sure that is what they will do...trust me...i see it everyday at work now that we have gone to smartcard only logons.
<<

Hug_It

Newbie
Newbie

Posts: 28

Joined: Thu Feb 23, 2006 4:21 pm

Post Mon Aug 14, 2006 4:59 pm

Re: Rainbow Tables/Crack whitepaper

I think I'm going to try to go to dual purpose cards. We use prox cards for physical access control. If I make them dual purpose then they have to take them out to go anywhere in the building. Hopefully that will help them get used to the idea of removing them when not in use. LOL@myself. Wishful thinking I'm sure.
CISSP

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software