Saturday, November 12, 2011

Free Rainbow Tables

 on  with No comments 
In ,  
I previously blogged about a distributed computing project called The Dimes Project.  The purpose of that project is to use participant's computers to map the Internet with a piece of client software that uses pings and traceroutes to known hosts to discover new hosts and paths.  As stated in that post, there are dozens of if not hundreds of such projects, and this post will cover another one, DistRTGen, which is a part of the Free Rainbow Tables project.

A rainbow table is a table of precomputed hashes for known inputs using a common crypographic hash algorithm.  Tables are used in recovering a plaintext password, for good or for evil purposes. Rainbow tables are built by taking known input values, performing the has algorithm on them, and then storing the plaintext and cyphertext values together in the table.  This allows the user to take a hash, compare it against known hashes already in the table, and then have the plaintext input for that hash, which is commonly a plaintext password.

The downsides to this approach are obvious.  Running the hash algorithm takes CPU processing.  While it may not be significant for one operation, running it for every possible input will be prohibitively expensive for a user with only their own computer(s) available for computation.  And while the input and output of one operation will not be a significant amount of data, it will possibly be prohibitively large for a single user.

The DistRTGen project tackles this like any other distributed computing project.  Users download the BOINC client, configure it to connect to the project with their user account and allow it to run in the background.  The client requests work units, compute them, and then upload the results.  The project will allow the user to run work units simultaneously on as many of their available CPU and GPU cores as they choose.  DistRTGen is building tables for the LM, NTLM, MD5 and MYSQLSHA1 algorithms. MYSQLSHA1 are double binary sha1 hashes used for MySQL authentication.

Users are able to download the current rainbow tables via bittorrent, where you can connect to the torrents for any or all of the data.  The project can also sell you a hard drive filled with the current tables.  There is currently 9741GB of data, so it will take some time to download the torrent(s), and it will take  a few days for them to prepare a hard drive for shipment.  They also have programs available on their downloads page to covert the data to other formats.


Post a Comment

Discuss this post!