[Dshield] Password Strength

Gary Warner gar at askgar.com
Tue Oct 19 19:29:26 GMT 2004


Here's a Rainbow Tables password cracking page:

        http://www.antsight.com/zsl/rainbowcrack/

In Demo 3, the author cracks passwords on an NT box using his largest 
set of rainbow tables, which are 25GB in size and would take 
approximately 7 months to generate on a "normal" computer.  (The 
rainbow tables are available from the author for $120.)

This table uses the charset:

"ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
0123456789!@#$%^&*()-_+= "

(A-Z, a-z, 0-9, 14 symbols, and space)

In the demo, the following passwords fell on a 2.8GHz Pentium in 3 
minutes 17 seconds:

N73k_a7()TUBoK  _
z %G)r*EW&2nk#
cjST$=W0U*-5CH
(zw= ijV$i*vEX

Anybody got a user community with passwords harder than that?

=============

So, to say "passwords should be changed frequently enough that they 
cannot be cracked during the password change interval" is just no longer 
feasible, UNLESS you go to extended length passwords or some entirely 
different authentication solution.

=============



