The Hak5 RainbowTables project has finished generating the 120GB LM All tableset, and they are now available for public download via Bittorrent.
Technical Details
Charset: all (ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|:;”’,.?/)
Plaintext Length Range: 1-7
Key Space: 68^1 + 68^2 + 68^3 + 68^4 + 68^5 + 68^6 + 68^7 = 6823331935124
Disk Usage: 120GB
Success Rate: 1 – (1 – calc_success_prob(6823331935124, 9000, 8000000000/8)) ^ 8 = 0.9990
Mean/Max cryptanalysis time: 197.0106s/915.2542s*
Max Disk Access Time: 3802.2s*
Typical 666MHz CPU
The Torrent download is available here: hak5_rtables_lm_all_1-7.torrent
What is a Rainbow Table?
A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function, often a cryptographic hash function. A common application is to make attacks against hashed passwords feasible. Salt is often employed with hashed passwords to avoid this attack.
A full description can be found here: http://en.wikipedia.org/wiki/Rainbow_table
Well I finally did it, I passed both of my GIAC Certified Incident Handler (GCIH) exams with 89% on each!
This was the first time I had a chance to use the SANS OnDemand training method and I have some mixed feelings about it:
Pros
Cons
Anyone else have similar experiences with this method from SANS?
The guys at eEye have started a new website that shows great promise: The Zero-Day Tracker
From the eEye blog:
We are pleased to announce the release of eEye Research’s Zero-Day Tracker. This site will help the community keep track of past and present zero-day vulnerabilities in real-time. This isn’t a simple link repository, but instead personalized analysis information from eEye researchers. If something is reported as a non-exploitable bug, we’ll make sure to exhaust the flaw for exploitability, as we have shown with the ASX Playlist and the ADODB.Connection ActiveX zero-day vulnerabilities. We will also always try to do our best to provide recommendations on what users can do to mitigate any zero-day vulnerabilities.
All future critical zero-day vulnerabilities will of course be added to the list, and any past zero-day vulns can also be requested by the community. Simply email us to request some additional zero-day posts, or even if you just have some general questions regarding the site or anything related to eEye Research.
This is a great initiative in my opinion.