Increase your password’s character length

Still remember Project Rainbow Crack? No, it’s not a game by Tom Clancy (Rainbow Six). Rainbow Crack is a hash cracker.

A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break a complex password this way. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the results in files, the so-called “rainbow tables”. It does take a long time to precompute the tables. But once the one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of the precomputed tables.

Rainbow Crack was created by Zhu Shuanglei as a general purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique.

The latest version of RainbowCrack is 1.2.

Some ready-to-use LAN Manager and MD5 tables are demonstrated in the Rainbow Table section. One interesting item among them is the lm #6 table set, with which we can break any Windows password up to 14 characters in a few minutes.

lm configuration #6

charset [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"',.?/ ]
keyspace 7555858447479 (2^42.8)
table size 64 GB
success probability 0.999
This table set is capable of cracking Windows passwords (up to 14 characters) over the charset “ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_+=~`[]{}|\:;"',.?/ ” in a few minutes, with a success rate of 99.9%.
This charset includes all possible characters on a standard keyboard (not including those alt+xxx characters). So this table set is likely to crack any Windows password up to 14 characters in minutes.
It would take several years to compute these tables on a single computer. However, the actual time is reduced to a few months with a lot of computers working in parallel.

Demo: crack of the following Windows password:
    D2@,:H?+e5#: $

So the question now is… How long is your password? Think about it! A 14-character password mixing alphanumeric and special characters, cracked within a few minutes.

What’s even more thought-provoking is that there is already an online hash cracking service based on rainbow tables. Check them out @ RainbowCrack Online. RainbowCrack Online is not free, though they have several pricing plans that could cater to your requirements. And in the event that those plans do not meet your requirements… you can avail yourself of their dedicated server solutions.

Yes, yes, I know rainbow tables have been around for a long time already, but that doesn’t mean you should just ignore their capabilities.

A good remedy for this would be multi-factor authentication (tokens, biometrics, etc.). If that is not possible, then using passwords longer than 14 characters would probably work.

Did you know that you can use passphrases instead of just passwords in Windows? Did I say phrases? Yes! Windows supports passphrases; you can use several words separated by a space. Now wouldn’t that be easier to remember? 😉
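The lm #6 keyspace figure and the more-than-14-characters advice above can be checked with a short calculation. This is an added example, not code from RainbowCrack or from the original post; it assumes the table alphabet is printable ASCII without lowercase letters (69 symbols) and that LM hash storage is enabled on the system, and the function names are illustrative.

```python
import math

LM_HALF_LEN = 7   # LM splits the password into two 7-character halves
LM_MAX_LEN = 14   # above this length Windows stores no usable LM hash
# Assumption: the table alphabet is printable ASCII minus lowercase (69 symbols),
# the size that reproduces the page's keyspace figure of 7555858447479.
LM_CHARSET = frozenset(chr(c) for c in range(0x20, 0x7F) if not chr(c).islower())


def keyspace(charset_size, max_len):
    """Count every string of length 1..max_len over the alphabet."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def lm_halves(password):
    """Return the two strings LM hashes separately, or None above 14 chars."""
    if len(password) > LM_MAX_LEN:
        return None
    upper = password.upper()  # LM is case-insensitive
    return upper[:LM_HALF_LEN], upper[LM_HALF_LEN:]


def assess(password):
    """Summarise how much of the password an LM table set has to search."""
    halves = lm_halves(password)
    if halves is None:
        return {"lm_hash": False, "halves": None, "in_table": False, "bits": None}
    in_table = all(ch in LM_CHARSET for half in halves for ch in half)
    # Each non-empty half is an independent lookup in the same 7-char keyspace.
    lookups = sum(1 for half in halves if half)
    space = lookups * keyspace(len(LM_CHARSET), LM_HALF_LEN)
    bits = round(math.log2(space), 1) if lookups else 0.0
    return {"lm_hash": True, "halves": halves, "in_table": in_table, "bits": bits}


if __name__ == "__main__":
    # First entry is the page's demo password; the rest are constructed samples.
    for pw in ["D2@,:H?+e5#: $", "Summer09", "pässword", "my dog eats blue socks"]:
        print(repr(pw), assess(pw))
    full = math.log2(keyspace(95, LM_MAX_LEN))
    print(f"14 chars hashed as one unit, 95-symbol ASCII: 2^{full:.1f}")
```

The 14-character demo password costs two lookups in a 2^42.8 space rather than one search over all 14-character strings, and a passphrase of 15 or more characters falls outside what an LM table set can address.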

