Enough with the Insanity: Dictionary Based Rainbow Tables

Here at Florida State University we modified a popular program, rcrack, so that it can create Rainbow Tables by mangling dictionary words. This allows us to attack strong passwords such as 'P@ssword!2' which would not be vulnerable to normal Rainbow Tables. In this talk, not only will we discuss our attack but also methods to protect against it. People have known for at least twenty years how to protect against hash lookup attacks, but the password hashes used by Microsoft Windows and many websites are still vulnerable to it. We will also release our tools along with some custom Rainbow Tables we have generated to attack Windows NTLM, (aka not LANMAN), password hashes.

Presented by

Links