From: Stark192 (stark192@hotmail.com)
Date: Sun Feb 12 2006 - 21:27:42 EST
Hello,
I'd first like to thank everyone who responded to my RainbowCrack questions,
great suggestions and helped greatly! I gott'a say, this list has given the
best responses to a question than any other list I've subscribed!!
Would someone please remind me of the name of the program used to take a
list of words and hashes them into a pre-computed hash table to be used in
one of the password crackers like LC5 or one of the others? I've seen/have
many of the hash creators that will build a table from a row of characters
but I need to use it for a list of words. I really can not remember the
name.
Thanks again!
Tony
-----Original Message-----
From: T.Dudek [mailto:duderik@gmail.com]
Sent: Wednesday, February 08, 2006 11:30 AM
To: julie.holmwood
Cc: stark192@hotmail.com; pen-test@securityfocus.com
Subject: Re: Rainbow Tables
One word: "pirated software".
ok, so it's two words ;-)
I've seen enough cases where the evildoers were using lophtcrack or
the various commercial software/hardware keystroke loggers that you
can buy. Most of the time it's pirated stuff, but why not use the best
you can get/steal when you're a criminal?
I'd say the "others" should be informed of both risks, and need to be
reminded that "most likely" does not really mean anything. I wouldn't
step on a plane that would "most likely" not crash..
On 2/7/06, ROB DIXON <RDIXON@workforcewv.org> wrote:
> Hey Tony,
>
> The "others" should be informed that the malicious attacker is most
likely to NOT use "commercial" products.
>
> And that for a true benchmark, maybe use the products that a malicious
attacker would use. Most of which will probably be open source or free at
the least. That is assuming that they are not writing their own software. ;)
> I guess I'm asking, how do you justify "not" using free products?
>
> You can buy pre-computated rainbow tables, but there are different
rainbowtables for different types of hashes. Example: ntlm, ntlmv2, sha1 ,
md5, etc.
----------------------------------------------------------------------------
-- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- -- This email has been verified as Virus free Virus Protection and more available at http://www.plus.net ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:30 EDT