RE: Rainbow Tables

From: Flory Jeffrey D Ctr 59 MDSS/MSISI (Jeffrey.Flory2.ctr@lackland.af.mil)
Date: Wed Feb 08 2006 - 14:22:21 EST


I have many tools within my aresenal that I maintain in order for me to do
my daily tasks and duties protecting my network. I will test any tool that
I think I can benefit from, once tested, I will brief the powers that be,
and proceed to utilize my new found toy.

I have downloaded and updated my LC5 so many times using various
dictionaries, hashes, etc in order to keep the personnel where I work in
compliance with all my directive policies.

Jeff
Gate Keeper

-----Original Message-----
From: T.Dudek [mailto:duderik@gmail.com]
Sent: Wednesday, February 08, 2006 8:34 AM
To: ROB DIXON
Cc: stark192@hotmail.com; pen-test@securityfocus.com
Subject: Re: Rainbow Tables

One word: "pirated software".
ok, so it's two words ;-)

I've seen enough cases where the evildoers were using lophtcrack or the
various commercial software/hardware keystroke loggers that you can buy.
Most of the time it's pirated stuff, but why not use the best you can
get/steal when you're a criminal? I'd say the "others" should be informed of
both risks, and need to be reminded that "most likely" does not really mean
anything. I wouldn't step on a plane that would "most likely" not crash..

On 2/7/06, ROB DIXON <RDIXON@workforcewv.org> wrote:
> Hey Tony,
>
> The "others" should be informed that the malicious attacker is most
> likely to NOT use "commercial" products.
>
> And that for a true benchmark, maybe use the products that a malicious
> attacker would use. Most of which will probably be open source or free
> at the least. That is assuming that they are not writing their own
> software. ;) I guess I'm asking, how do you justify "not" using free
> products?
>
> You can buy pre-computated rainbow tables, but there are different
> rainbowtables for different types of hashes. Example: ntlm, ntlmv2,
> sha1 , md5, etc.

----------------------------------------------------------------------------

--
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT