Enough with the Insanity: Dictionary Based Rainbow Tables

ShmooCon V - 2009

Presented by: Daniel
Date: Sunday February 08, 2009
Time: 10:00 - 11:00
Location: Front Room
Track: Build It!

Here at Florida State University we modified a popular program, rcrack, so that it can create Rainbow Tables by mangling dictionary words. This allows us to attack strong passwords such as 'P@ssword!2' which would not be vulnerable to normal Rainbow Tables. In this talk, not only will we discuss our attack but also methods to protect against it. People have known for at least twenty years how to protect against hash lookup attacks, but the password hashes used by Microsoft Windows and many websites are still vulnerable to it. We will also release our tools along with some custom Rainbow Tables we have generated to attack Windows NTLM, (aka not LANMAN), password hashes.

Links

Matt Weir

Matt Weir is a PhD student at Florida State University. Before his journey back into academia, he worked as a network security engineer for Northrop Grumman. The projects he's been a part of have ranged from providing first responders with wireless access, to assisting the Defense Department with computer forensics. Why he decided to go back to school no one knows (including him sometimes). It wasn't the pay that's for sure!


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats