The difference between security code and application code is, when application code fails, you find out right away. When security code fails, you find out 4 years from now, when a DVD with all your customer’s credit card and CVV2 information starts circulating in Estonia. Matasano Chargen
I came across an article on Digg about “63 things a geek should know”. Quite an interesting article. Somewhere down the line I found this article about breaking into Windows and Linux operating systems by obtaining their passwords.
Earlier I knew little about rainbow tables and one-way hashing, which are conceptually very interesting to learn. But I didn't think of any program which used these rainbow tables to launch a brute force attack. I dreamt of writing one myself. But very recently I came to know about “ophcrack”, which is an open source program that can be used to retrieve passwords.
You can also download ISO files for retrieving Windows Vista and XP passwords through P2P from here.
I downloaded both the Vista and XP live CD ISOs and burned them to live CDs. I set a password for my XP account.
All I had to do was insert the live CD and boot from it. After loading the tables into RAM, ophcrack took a few seconds to retrieve the Windows password (not considering the time taken for loading the tables into RAM, a few minutes).
Here are some interesting articles about rainbow tables which I liked:
How vulnerable is your Windows password to brute force attack?
Then I learnt that salting a password can defeat rainbow tables; “salting”, a nice name though.
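Why salting defeats a precomputed table, as an added example that is not part of the original post. It assumes SHA-256 as a stand-in for any fast unsalted hash (not the Windows hash format), a plain lookup dictionary instead of a true chain-based rainbow table, and a constructed candidate list; all function names are illustrative.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list standing in for the large
# precomputed tables that are built once and reused.
CANDIDATES = ["letmein", "password1", "qwerty123", "summer2008"]

def unsalted_hash(password: str) -> str:
    # Assumption: SHA-256 stands in for any fast, unsalted one-way hash.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes, rounds: int = 100_000) -> str:
    # Per-account random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

def build_table(candidates):
    # Precomputed once; valid against every account that stores unsalted hashes.
    return {unsalted_hash(p): p for p in candidates}

def lookup(table, stored_hash):
    # Returns the matching candidate, or None when the hash is not in the table.
    return table.get(stored_hash)

def verify(password: str, salt: bytes, stored_hash: str) -> bool:
    # Legitimate login check: recompute with the stored salt, compare in constant time.
    return hmac.compare_digest(salted_hash(password, salt), stored_hash)

def demo():
    table = build_table(CANDIDATES)
    # Two accounts that happen to share the same password.
    unsalted_a = unsalted_hash("qwerty123")
    unsalted_b = unsalted_hash("qwerty123")
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    salted_a = salted_hash("qwerty123", salt_a)
    salted_b = salted_hash("qwerty123", salt_b)
    return {
        "unsalted_recovered": lookup(table, unsalted_a),  # table hit
        "unsalted_identical": unsalted_a == unsalted_b,   # shared password is visible
        "salted_recovered": lookup(table, salted_a),      # table is useless
        "salted_identical": salted_a == salted_b,         # salts make hashes differ
        "login_ok": verify("qwerty123", salt_a, salted_a),
        "login_bad": verify("letmein", salt_a, salted_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is stored next to the hash and is not secret; its job is to force a separate computation per account, so one precomputed table no longer covers everyone.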
So how do we protect ourselves from these programs?
By following the guidelines below, we can make sure that our password cannot be easily cracked.
These simple guidelines can give password crackers a hard time for sure.
I was wondering if we can try ophcrack or any other similar program to crack a WinRAR file using brute force? Has anyone got a lead on that?
Please feel free to suggest any other useful sites regarding rainbow tables and brute force attacks.