Collaborate Disseminate
I’ve got a question about rainbow table length. This is a purely theoretical, math-driven thought exercise; I just want to make sure I’m understanding the concepts and representing them correctly.
Note: I know about entropy… Continue reading Thought Exercise for Rainbow Table Size
I’ve got a question about rainbow table length. This is a purely theoretical, math-driven thought exercise; I just want to make sure I’m understanding the concepts and representing them correctly.
Note: I know about entropy… Continue reading Thought Exercise for Rainbow Table Size
As part of security testing, I will receive around 150 to 200 Active Directory password hashes from Windows Server 2012 R2 (using NTLM?).
I have found NTLM rainbow tables (1,5 TB total), that covers all password length less … Continue reading Should I use rainbow tables or bruteforce (NTLM)?
I want check if my various passwords are in lists of cracked passwords, but I don’t want to type the passwords online. For example, I’d rather scroll through an ordered list of passwords that have been merged from all rainbo… Continue reading Is there a way to check lists of cracked passwords without revealing my password?
Passwords are not generally held by websites, instead, they hold hashes of your passwords.
When there’s a breach, these hashes are stolen and they are matched against rainbow tables of pre generated password hashes.
Is it fair to say that … Continue reading Are stronger passwords safe in case of a breach?
Passwords are not generally held by websites, instead, they hold hashes of your passwords.
When there’s a breach, these hashes are stolen and they are matched against rainbow tables of pre generated password hashes.
Is it fair to say that if your password is a genuinely secure password, like xy%5-xthrs32£ that you are still safe. Far far safer than someone with a password like Princess123 or my favourite LetMeIn.
I know the answer is that in the event of a breach, you should always change your password, I’m just trying to understand the security aspect. So, when talking to to someone with a genuinely random password – eg one generated by a good password manager – is it fair to say you are probably safe?
Continue reading Are stronger passwords safe in case of a breach?
This question already has an answer here:
how long does it take to actually generate rainbow tables?
4 answers
I want to know… Continue reading Time of generating rainbow table for MD5 hashing password up to 12 character [duplicate]
Problem space
I’m way out of my pay grade, I’m trying to figure out
How much randomness does a call to random() actually provide in PostgreSQL?
SELECT random();
Whether or not you can reasonably guess that much randomnes… Continue reading How many combinations of md5sums can be computed from a call to random() in PostgreSQL?
In Wi-Fi penetration testing, is it possible to use rainbow tables/hash tables on WPA/WPA2 networks?
Is there an advantage of one over the other?
Where would one get said tables or can th… Continue reading Rainbow tables/hash tables versus WPA/WPA2
With large computing power (like what you can get in the Amazon cloud for example) you can generate huge rainbow tables for passwords. There also seems to be some large rainbow tables reachable that you have to pay for.
What are the large… Continue reading Length of passwords that are rainbow table safe