Re: Rainbow Tables

From: ROB DIXON (rdixon@workforcewv.org)
Date: Wed Feb 08 2006 - 09:55:09 EST

• Next message: Leif Ericksen: "RE: Pen-Test and Social Engineering"
• Previous message: T.Dudek: "Re: Rainbow Tables"
• Maybe in reply to: stark192@hotmail.com: "Rainbow Tables"
• Next in thread: Flory Jeffrey D Ctr 59 MDSS/MSISI: "RE: Rainbow Tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Good point.

You said it better than I did. I wasn't trying to be one directional. I just thought that the "others" shouldn't restrict him to one avenue.

Thanks for clairifying!
Robert L. Dixon, CSO
CHFI A+
State of West Virginia's
West VIriginia Office of Techonology
Infrastructure Applications
Netware/GroupWise Administrator
Telephone: (304)-558-5472 ex.4225
Email:rdixon@workforcewv.org
>>> "T.Dudek" <duderik@gmail.com> >>>
One word: "pirated software".
ok, so it's two words ;-)

I've seen enough cases where the evildoers were using lophtcrack or
the various commercial software/hardware keystroke loggers that you
can buy. Most of the time it's pirated stuff, but why not use the best
you can get/steal when you're a criminal?
I'd say the "others" should be informed of both risks, and need to be
reminded that "most likely" does not really mean anything. I wouldn't
step on a plane that would "most likely" not crash..

On 2/7/06, ROB DIXON <RDIXON@workforcewv.org> wrote:
> Hey Tony,
>
> The "others" should be informed that the malicious attacker is most likely to NOT use "commercial" products.
>
> And that for a true benchmark, maybe use the products that a malicious attacker would use. Most of which will probably be open source or free at the least. That is assuming that they are not writing their own software. ;)
> I guess I'm asking, how do you justify "not" using free products?
>
> You can buy pre-computated rainbow tables, but there are different rainbowtables for different types of hashes. Example: ntlm, ntlmv2, sha1 , md5, etc.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Leif Ericksen: "RE: Pen-Test and Social Engineering"
• Previous message: T.Dudek: "Re: Rainbow Tables"
• Maybe in reply to: stark192@hotmail.com: "Rainbow Tables"
• Next in thread: Flory Jeffrey D Ctr 59 MDSS/MSISI: "RE: Rainbow Tables"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT