Re: Rainbow tables on Linux?

[Johan 'yosh' Marklund <yosh@yosh.se>]

Ed Wiget skrev:
> On Thursday 23 October 2008 06:53:05 Christian Franke wrote:
>   
>> On 10/23/2008 12:14 PM, Johann Spies wrote:
>>     
>>> Is it possible to use rainbow tables with a password cracker on Linux
>>> like 'john'?  If so, how?  If not, is it possible with any other
>>> password cracker on Linux?
>>>       
>
> If you are not trying to break in and just testing windows passwords, then I 
> assume you also have access to the real passwords and usernames.  Why don't 
> you just import them into linux and test them from there.  My reasoning is 
> that if john can determine the passwords relatively quickly, then the 
> passwords are too weak.    
>
> I did some performance testing on john using a dual core patch vs single core 
> at http://www.edwiget.name/content/view/195/27/
>
> the open source rainbow tables are about 121GB (if my memory serves me 
> correctly) and are only available via bittorrent.  I think it took me about 2 
> months to download them.  http://www.antsight.com/zsl/rainbowcrack/
>
> Also, something to consider, if you (or an attacker) have physical or remote 
> access, game is over anyways....irregardless of passwords.
>
>   
Still, it's sneakier to logon with somebody elses account. And if they
retain their original password, who would suspect anything? :o

/yosh