Slashdot Mirror

← Back to Stories (view on slashdot.org)

Free Rainbow Tables Looking For New Admin

Posted by kdawson on from the all-the-colors dept.

lee writes "After almost three years online, the admin of Free Rainbow Tables has decided to call it a day, citing a lack of time to keep it running. (I'm sure that you all know a rainbow table is essentially a giant list of precomputed hashes.) This is a shame, as the site is a useful resource for those occasions when you really need an existing password exposed, rather than simply changing it. I'm a Windows admin, and this site has come in very handy in the past. The currently computed tables weigh in at well over half a terabyte, are available as torrents from the site, or from a couple of mirrors (and alternatives are available). When the site was active, it featured a downloadable BOINC client to put your idle cycles to work computing ever-greater tables, and a space-saving format for storing the tables. The admin is willing to hand over source code if you wish to take over, though I suspect hosting is not included!"

25 of 95 comments (clear)

  1. You know you're hungry when by goobermaster · · Score: 5, Funny

    The headline 'Free Rainbow Tables' makes you immediately think of a table covered in Skittles

    1. Re:You know you're hungry when by mycologistica · · Score: 2, Funny

      wish i could mod this 'tasty'

    2. Re:You know you're hungry when by Em+Emalb · · Score: 3, Funny

      think of a table covered in Skittles

      Billy Mays here for Free Rainbow Tables dotcom. Have you ever needed a giant list of pre-computed hashes? Have you ever forgotten the password to that old Linux box sitting in the corner of the accounting department's coat closet? Then have I got just the thing for you! All you need to do is, and this part's amazing, is go to freerainbowtables.com, that's freerainbowtables.com, enter your hash-string, and voila, there's your password. It's so easy, a paraplegic blind deaf-mute could do it. That's Freerainbowtables.com.

      I'm Billy Mays, and I say, if you don't use this product, the 5th spawn of the Great Satan himself will come to your house and rape your cat....a lot.

      --
      Sent from your iPad.
    3. Re:You know you're hungry when by Chyeld · · Score: 2, Funny

      Billy Mayes didn't yell. It seemed like it because, just like Chuck Norris, when he spoke the rest of the world knew the STFU.

  2. Support is pending by 192939495969798999 · · Score: 4, Insightful

    I am sure that plenty of groups that may "need an existing password exposed" are interested in anonymously donating hosting for this project.

    --
    stuff |
    1. Re:Support is pending by nametaken · · Score: 2, Insightful

      Or pay-for-download and/or pay-for-lookup service, and keep the site online.

    2. Re:Support is pending by CarpetShark · · Score: 2, Insightful

      I am sure that plenty of groups...are interested in anonymously donating hosting for this project.

      You think? Personally, I think you'd have to be a glutton for punishment, to want to admin a site for people interested in rainbow tables.

  3. Reading Rainbow Tables by MoldySpore · · Score: 5, Funny

    Buy the domain, contact LeVar Burton to help promote it, and post video testimonials on how great they work.

    LeVar: "Crack passwords now! But you don't have to take my word for it..." *dun dun dunnn!*

    --

    "I hope you know how very lucky you are to know me, because I am so incredibly incredible."

  4. Re:OMG is that annoying... by Shikaku · · Score: 5, Insightful

    News for Nerds.

  5. Re:OMG is that annoying... by baka_toroi · · Score: 2, Funny

    Shikaku wa sora, shikaku wa hiroi

  6. Salts? by Sir_Lewk · · Score: 5, Informative

    I thought the prevelance of using salts with hashes obsoleted rainbow tables years ago.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    1. Re:Salts? by six · · Score: 3, Informative

      Once you've reverted the hash back to salt+plaintext, it's *much* easier to remove the salt (often some string concatenated with the plaintext).

    2. Re:Salts? by l0b0 · · Score: 2, Informative

      Using salts with hashes obsoleted rainbow tables years ago (if you know what you're doing).

      There, corrected it for you.

    3. Re:Salts? by RiotingPacifist · · Score: 4, Insightful

      The site host/cracked NTLM LM MD5

      NTLM is still used in the following situations:
      * The client is authenticating to a server using an IP address.
      * The client is authenticating to a server that belongs to a different Active Directory forest, or doesn't belong to a domain.
      * No Active Directory domain exists (commonly referred to as "workgroup" or "peer-to-peer").
      * Where a firewall would otherwise restrict the ports required by Kerberos (of which there are quite a few)

      So kids getting their teeth wet on home networks, which probably explains why its not being supported. MD5 is still used by applications that arn't quite sure what they are doing/can't do much more e.g grub, im clients, etc.

      Lookup tables are still useful in cracking WPA

      --
      IranAir Flight 655 never forget!
    4. Re:Salts? by zindorsky · · Score: 5, Informative

      I thought the prevelance of using salts with hashes obsoleted rainbow tables years ago.

      True. Correctly salting your password hashes will make rainbow tables useless.

      But ... Guess which system still doesn't salt passwords? Windows!

      --
      If the geiger counter does not click, the coffee, she is not thick.
    5. Re:Salts? by zindorsky · · Score: 4, Insightful

      Once you've reverted the hash back to salt+plaintext, it's *much* easier to remove the salt (often some string concatenated with the plaintext).

      Often? That's the definition of salt.

      Also, rainbow tables don't revert the hash back to salt+plaintext. Rainbow Tables don't work if salt was (correctly) used. Well, I guess you could make a set of RTs for every possible salt value ... if you have an ice age or two to wait.

      --
      If the geiger counter does not click, the coffee, she is not thick.
  7. Re:OMG is that annoying... by RiotingPacifist · · Score: 3, Insightful

    Because slashdot used to be a site for geeks, however recently anytime somebody uses a simple TLA/ETLA people start bitching that they don't know what it meant and they are too lazy to google and/or wikipeida it, so instead you get a stupid thread full of people who have !RTFA commenting on a subject that is of no interest to them, if it was they would have understood the TLA in TFS, this really annoys the few geeks that actually RTFA as it dilutes the comments. As a TFS contains redundant information to prevent people going "what are rainbow tables?", lets be honest if you're the kind of geek that has ever done any 'cracking' you knew what it mean, if you're not then you don't care.

    p.s irony of this post not lost on me!

    --
    IranAir Flight 655 never forget!
  8. Only MD5/LM/NTLM? by AmiMoJo · · Score: 4, Informative

    I was expecting more tables than just MD5 and two types of Windows passwords. You can already download the Ophcrack DVD to do Windows passwords with rainbow tables.

    Renderlab offer wifi WPA rainbow tables: http://www.renderlab.net/projects/WPA-tables/ . I hope whoever takes over takes note of projects like that, and tries to expand the range of tables available.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  9. why Rainbow Tables when there is KonBoot? by sammyF70 · · Score: 4, Interesting

    If you need a password to access an account in windows (or linux for that matter), just use Kon-boot instead of messing around with rainbow tables.

    --
    "DRM is like the Ford Pinto: it's a smooth ride, right up the point at which it explodes and ruins your day."-C.Doctorow
    1. Re:why Rainbow Tables when there is KonBoot? by Rich0 · · Score: 2, Informative

      I can't imagine that a tool like this would allow you to authenticate to the domain controller. Cracking the hash cached on the local system would.

      Unless windows is so insecure that the domain controller just takes the local workstation's word that you successfully logged in. I can't imagine such a design lasting this long. If it did you could get the machine's key off the local hard drive and then authenticate as anybody over the network.

    2. Re:why Rainbow Tables when there is KonBoot? by silent_artichoke · · Score: 2, Informative

      The local machine caches the credentials. We see this with laptop users. They have to be connected to the network here to log on the first time, then they can take it home and log in just fine without a network connection. If they change their password on their work desktop, the laptop still uses the old one until they try to log into the account again while connected to the network. So, the domain controller does not take the local machine's word for it, but the local machine does not necessarily check in with the domain controller.

    3. Re:why Rainbow Tables when there is KonBoot? by querist · · Score: 2, Informative

      Granted, EFS (Encrypted File System - the "encrypt" option on NTFS) isn't the greatest, but it's there, it's included with Windows (and thus, perceived as "free as in beer"), and people use it.

      Kon-Boot will grant you access to the account, but not to anything that the user encrypted using EFS. I have just tested this today to be sure before posting.

      That is one reason why people would want to know the current password rather than just bypass the password, though Kon-Boot certainly still has its uses.

  10. Re:OMG is that annoying... by Obfuscant · · Score: 4, Insightful
    lets be honest if you're the kind of geek that has ever done any 'cracking' you knew what it mean, if you're not then you don't care.

    Let's be honest, I'm a kind of geek that has done cracking, but I don't devote my life to it. I've never heard the term "rainbow table" applied to the lists of precomputed hashes, so it was nice to have a simple hint that said "precomputed hashes", and I do care.

  11. Whoops by neokushan · · Score: 4, Insightful

    Slashdotting the site really isn't helping to keep it online.

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  12. rainbow table? by spottedkangaroo · · Score: 2, Informative

    I'm sure a huge precomputed hash database is handy and everything, but are we sure that's what a rainbow table is? I tried very hard to make sense of the Oechslin paper on rainbow attacks and it doesn't mention anything about pre-computing individual hashes. It's about reconstructing cipher chains (or something like that). Perhaps the term has just become diluted over the years. Seems wrong to me.

    --
    Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy