Sunday, February 15, 2009

We do not take a trip. The trip takes us.

Finally back from Shmoocon and Washington D.C. I had an absolute blast and now I'm ready to get back to work. While there's a lot I want to talk about regarding the Con and some of the other research going on, I'll save that for my next post. I finally got a chance to sit down and watch my own presentation on rainbow tables, and there are a couple of things I'd like to add.
  1. The real focus on this research is to help law enforcement. Ideally I see a central agency who has the spare computer power generating rainbow tables containing very complex word mangling rules and large dictionary files. They would then distribute these tables to state and local agencies who don't have the resources to do much in the way of password cracking. This way these local agencies can cheaply crack a large number of passwords without having to invest in the resources to do so. Now this won't help with salted files, but in instances where the bad guy uses the same password on both their local computer and their encrypted file it would help out.
  2. The MsCache hashes are salted with the username "Administrator". The oracle hashes are salted with the username "SYS".
  3. It looks like I'm going to be able to get more storage space, so expect some of the other tables I talked about showing up online soon.
  4. If you download a table, make sure you also download the associated dictionary file and rules file. I really should have labeled everything better, but in the short term if there is any confusion, just check the config file and it will say which dictionary/rule file is required.
  5. I can't believe I made a joke about Paris Hilton in front of everyone. There goes me showing this talk to my parents...
  6. Truthfully, if you have any suggestions or comments, please let me know and I'll see what I can do
  7. Yes, I'll try to write up some additional documentation.
  8. I apologize to everyone I talked to after the presentation. When I speak in front of people it scares the living daylights out of me, and it takes me a bit to go back to normal afterwards.
  9. To the person asking about using the GPU to speed up the hashing, yes I think it can be done, but there are a lot of tricky issues with rainbow tables since you can't parallelize the creation of an individual chain. The question then becomes can your parallelize your IndexToPlain function to keep up with creating enough hash requests to make the GPU efficient.

No comments: