full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Enable secret 5 : Cisc

Re: [Full-disclosure] Enable secret 5 : Cisco Password

From: coderman <coderman_at_nospam>
Date: Wed May 23 2007 - 21:14:19 GMT
To: "Michael Holstein" <michael.holstein@csuohio.edu>


On 5/23/07, Michael Holstein <michael.holstein@csuohio.edu> wrote:
> > Dork, show me a full set of a-zA-Z0-9{8} rainbow tables with salted
> > md5 and I will show you a picture of me in a bathing suit.
>
> My *point* was that a rainbow attack against is a lot faster than a
> brute-force with JTR or similar. Might as well try the easier options first.

what Knud was indicating is that rainbow tables work against unsalted (or minimally salted) targets. for example, lanman is a great target - it uses md5, but does not salt. if you have 200G to spare, this works great.

properly salted md5 is immune to rainbow table attacks.

(now, as for generating collisions, there have been some nice advances in md5 tunneling attacks, but the cost is still too large for targeted md5 collisions iirc. someone will correct me if i'm wrong, i'm sure...)

best regards,



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/