It's simply not practical to crack the 256 char Extended-ASCII set even for
relatively short passwords of 8 chars. The closest I can find [1] is a 576GB
set of tables to crack ASCII chars 32-95 and a max of 8 chars. That's less
than 1/4th the entire Extended-ASCII keyspace.
Perusing through the discussion group on a distributed rainbow table generation
program[2], I don't find any support for either longer passwords or larger
character sets tables. The best I can find is long passwords with a hybrid
approach where they crack 10 char passwords, but only ones that follow a
specific formula - [A-Z][a-z]{5}[a-z0-9]{2}[0-9]{1,3}
As for generating my own tables, here's a calculator[3] that I think
demonstrates the futility of that for any large keyspace.
Again, we still haven't dipped into 2-byte (Unicode) characters, which will
square the keyspace.
Finally, this quote is interesting[4]:
...Most password crackers cannot crack passwords with ALT characters...
Granted, this article is a few years old, but it does seem to support the list
of safe alt-chars that I mentioned previously so I think that still has some
value.
[1] http://project-rainbowcrack.com/buy.php
[2] https://www.freerainbowtables.com/phpBB3/topic2629.html
[3] http://www.tobtu.com/rtcalc.php
[4] http://www.ethicalhacker.net/content/view/94/24/
-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Friday, September 09, 2011 8:03 PM
To: NT System Admin Issues
Subject: Re: password questions
On Fri, Sep 9, 2011 at 6:02 PM, Crawford, Scott <crawfo...@evangel.edu> wrote:
> I don't think that's true. Point me to a rainbow table that has that
> large of a keyspace. I can't say I've looked exhaustively, but I've
> not been able to find one that even exhausts the entire ascii space, let
> alone Unicode.
Use a program that lets you generate your own rainbow tables for whatever
character set you want. RainbowCrack does, I believe.
People on this list have claimed to have such rainbow tables.
-- Ben
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
