First you do not always have the luxury of the Internet. Second I doubt plain-text.com can crack anything seeing as how it is a parked domain.... Finally, Plain-text and other online cracking sites cannot "bust in seconds" salted hashes, which are becoming more and more popular.
Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.
well that's true........salted passwords have really become popular, but like every security there's a way to break it (past, present or future....)
Watch your back, your packetz will belong to me soon... xD
BackTrack : Giving Machine Guns to Monkeys since 2006
ok i don't know if anybody here knows about hope-six,
but it's a hacking/network security meeting that happens every year.
(feel free to correct me)
i downloaded all the audio from this year's meeting, i'm hosting it on azureus right now but nobody wants it evidently..
AAAAAAAAAnyway i heard that rainbow tables are becoming a thing of the past because of _________ <------- i'll get back to you
and bruteforcing has too many tradeoffs with time and memory, specifically time. it takes too long sometimes.
anyway this guy, one of the lecturers (i will edit this later when i boot windows and listen to it again) was talking about how he has just over 10 GB of all the possible password combinations and he can crack any password in less than a min, or even less than like 30 seconds a lot of the time.
so basically, what are we going to do when every network security auditor/ enthusiast has 10 GB of password combinations to reference against and crack instantly?
seems like it would make passwords ALMOST pointless eventually.
does anybody know anything about this?
where will we go from here is my question
CALCULATIONS FIXED
10GB doesn't seem very realistic. I might believe that he gets something around 80% of passwords (lay person passwords) from a 10GB list but a full list of 8 char passwords would take up many TeraBytes.
(^ = exponent or power of)
26^8 = 208 827 064 576 Bytes
= 194.485359 GB (GigaBytes)
That ignores uppercase, numbers, special characters.
52^8 = 5.34597285 × 10^13 (w/ uppercase)
62^8 = 2.18340106 × 10^14 (w/ numbers)
95^8 = 6.63420431 × 10^15 (w/ special chars [ascii 32-47, 58-64, 91-96, 123-126]) {6,178,584.24 GigaBytes}
etc... (ascii 0-31 haven't been included)
Edit: References to rainbow tables becoming obsolete are probably because of:
http://forums.remote-exploit.org/showthread.php?t=9188
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
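A sizing sketch for the figures in this post, added here as an example and not written by any poster in the thread. The thread's numbers count one byte per candidate; this version counts bytes per row (an assumption: plaintext plus newline for a wordlist, plaintext plus a 16-byte digest such as MD5 for a hash lookup table) and shows what a per-hash salt does to a precomputed table. All function names are hypothetical.

```python
GIB = 2 ** 30  # the thread's "gigabytes" are bytes / 2^30

def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length

def wordlist_bytes(charset_size, length):
    """Plain wordlist: every candidate on its own line (length + newline)."""
    return keyspace(charset_size, length) * (length + 1)

def lookup_table_bytes(charset_size, length, digest_bytes=16, salt_bits=0):
    """Full hash -> password table: one row (digest + plaintext) per
    candidate, and one complete table per possible salt value."""
    row = digest_bytes + length
    return keyspace(charset_size, length) * row * 2 ** salt_bits

def first_length_over_budget(charset_size, budget_bytes, digest_bytes=16):
    """Shortest length whose unsalted table no longer fits in budget_bytes."""
    length = 1
    while lookup_table_bytes(charset_size, length, digest_bytes) <= budget_bytes:
        length += 1
    return length

CHARSETS = {"a-z": 26, "a-zA-Z": 52, "a-zA-Z0-9": 62, "printable ASCII": 95}
BUDGET = 10 * GIB  # the 10 GB figure discussed in the thread

def report(length=8):
    """One summary line per character set for fixed-length passwords."""
    lines = []
    for name, size in CHARSETS.items():
        lines.append(
            f"{name:16s} {keyspace(size, length):.3e} candidates | "
            f"wordlist {wordlist_bytes(size, length) / GIB:,.0f} GiB | "
            f"hash table {lookup_table_bytes(size, length) / GIB:,.0f} GiB | "
            f"10 GiB table runs out at length "
            f"{first_length_over_budget(size, BUDGET)}"
        )
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
    # A 32-bit salt multiplies the table, not the work to verify one login.
    salted = lookup_table_bytes(26, 8, salt_bits=32)
    print(f"a-z, 8 chars, 32-bit salt: {salted / GIB:.3e} GiB")
```

For a defender the useful outputs are the last column and the salted figure: they show which password lengths a fixed storage budget can cover exhaustively and why a per-hash salt makes a shared precomputed table impractical.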
I know that a NUMERIC wordlist I created ranging with ALL POSSIBLE COMBOS...from 0-9999999999 was like 9.30 GIGS by itself. Now that's just 10 digits!! Mix All alpha possibilities.... starting with a and ending in zzzzzzzzzz....that's 26 possibilities per character 26^10 power!!!..and that's gonna be MUCH MUCH more than 9.30 gigs!! And that's not counting Uppercase or a mix of them!!..Or more than a 10 character password!! Some passwords are longer than 20 characters!!
Obviously this guy with his 10GB wordlist..is a moron.
BTW...Anybody know off hand...what's the longest password you can have concerning WPA/WPA2???
--=Xploitz=-- ®
Remote-Exploit.orgs Master Tutorialist.™
VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=9063
VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial": http://forums.remote-exploit.org/showthread.php?t=7872
VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=8230
VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases": http://forums.remote-exploit.org/showthread.php?t=8041
Edit: See other posts....that's 26 possibilities per character 26^10 power...
You sure its not...
(26^10) bytes = 131472.103 gigabytes
cause... ....
(10^26) bytes = 9.31322575 × 10^16 gigabytes
EQUALS...
9.31322575 × 10^16 gigabytes = 9.24046617 terabytes
doesn't sound right...........
Because there are 26 possibilities per character..and that to the 10th power is
(26^10) bytes = 131472.103 gigabytes
I think I'm right.
But then again..I am taking DMAT 0097 remedial college algebra!!
-------------------------------------------------------------------------------------------------------
ok this is the edit, i lied about some stuff but here's the gist of it..
the guy's name is jason aridas, he is a security officer and works with hospitals and spends most of his time in research.
the thing he was talking about was time-memory tradeoff, essentially he was giving up about 1.8 TB of storage for saving time in cracking passwords instantly.
this is all based on a hash database system, he used md5lookup.
he saved all password combinations up to 8 digits long to multiple hard-drives and brought them up when he was cracking.
he can do 60 passwords in under a min. and 1 instantly.
he said that rainbow tables are weak and inaccurate WHEN you are cracking A LOT of passwords.
you save time by saving all these combinations to a hd or multiple hd's.
this would really only be possible in a large security firm, unless you decided to collect hd's for a hobby.
i just thought it was neat though.
I'M SORRY I MISSED TWO ZEROS IT WAS ONE IN THE MORNING HERE!
ha ha ha jk, see my previous post though
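The hash-database lookup and the salted-hash remark discussed in this thread, shown side by side as an added example (not code from any poster or from md5lookup). The three-letter lowercase keyspace, the fixed demo salt and all function names are constructed for illustration; PBKDF2-HMAC-SHA256 stands in here for a salted, slow password hash.

```python
import hashlib
import hmac
import itertools
import os
import string

def build_lookup(charset, length):
    """Precompute md5(candidate) -> candidate for every candidate string."""
    table = {}
    for combo in itertools.product(charset, repeat=length):
        candidate = "".join(combo)
        table[hashlib.md5(candidate.encode()).hexdigest()] = candidate
    return table

# Constructed toy keyspace: 26^3 = 17,576 rows.
TABLE = build_lookup(string.ascii_lowercase, 3)

def lookup(stored_hex):
    """Return the plaintext if the stored hash is in the table, else None."""
    return TABLE.get(stored_hex)

def store_unsalted_md5(password):
    """Weak storage: identical passwords always produce identical hashes."""
    return hashlib.md5(password.encode()).hexdigest()

def store_salted_md5(password, salt):
    """Same fast hash, but the salt moves the result out of the shared table."""
    return hashlib.md5(salt + password.encode()).hexdigest()

def store_pbkdf2(password, salt=None, iterations=100_000):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_pbkdf2(password, salt, stored, iterations=100_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    demo_salt = b"\x01" * 16  # constructed fixed salt so the demo is repeatable
    print("unsalted md5  ->", lookup(store_unsalted_md5("abc")))
    print("salted md5    ->", lookup(store_salted_md5("abc", demo_salt)))
    salt_a, hash_a = store_pbkdf2("abc")
    salt_b, hash_b = store_pbkdf2("abc")
    print("pbkdf2        ->", lookup(hash_a.hex()))
    print("same password, different stored values:", hash_a != hash_b)
    print("legitimate login still verifies:", verify_pbkdf2("abc", salt_a, hash_a))
```

The table answers instantly for the unsalted hash and returns nothing for either salted form, while the verifier that holds the salt still checks a login with one computation.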