Re: Rainbow tables on Linux?
On Thu, Oct 23, 2008 at 09:27:56AM -0400, Ed Wiget wrote:
> If you are not trying to break in and just testing windows passwords, then I
> assume you also have access to the real passwords and usernames. Why don't
> you just import them into linux and test them from there. My reasoning is
> that if john can determine the passwords relatively quickly, then the
> passwords are too weak.
I am doing it on Linux. It is actually my own password on a server
that I forgot. I can use other means (like ssh into the machine using
public key authentication and sudo) to change the password, but I am
curious about two things: Why I could not remember it and how to use
Linux tools to crack it.
> I did some performance testing on john using a dual core patch vs single core
> at http://www.edwiget.name/content/view/195/27/
> the open source rainbow tables are about 121GB (if my memory serves me
> correctly) and are only available via bittorrent. I think it took me about 2
> months to download them. http://www.antsight.com/zsl/rainbowcrack/
Yes I know they are huge. But how would you use when targeting Linux
passwords? As some said on this list it does not seem practical to use
rainbow tables on Linux passwords.
> Also, something to consider, if you (or an attacker) have physical or remote
> access, game is over anyways....irregardless of passwords.
Interesting point: this server is a Xen-domU and although I have
access to the physical server, it is a bit more complicated to do
interrupt the boot process to get root access.
Thanks to all the people contributing to this thread.
Johann Spies Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch
"Do all things without murmurings and disputings:
That ye may be blameless and harmless, the sons of
God, without rebuke, in the midst of a crooked and
perverse nation, among whom ye shine as lights in the
world;" Philippians 2:14,15