Hak5 produces 120GB LM hash rainbow table – complete charset!!!


So the Hak5 folks have produced complete hash tables for the LM version of the password hash used by Windows, and the tables are good for all valid characters that can be used in an LM password for the 1-7 password length. The “1-7 characters” part might make it sound like your hash is safe if it's of a password that is 11 characters long, BUT (as you may or may not know) you only need 1-7 length tables to crack 1-14 character length LM password hashes because of errm . . . well . . . a weakness in the way the LM hash is computed that allows one to attack the hash by breaking it into its two 7 character chunks . . . (each chunk covering up to 7 characters). So I believe that you can actually use a 1-7 character set of tables to attack the two halves of the password hash and derive a full 14 character password.


So is this “big news”? Well . . . not really . . . and sort of. 🙂 Pre-computed hash tables for various types of hashes have been available both as a web service and for sale on DVDs for quite some time from places like this. You obviously have to pay to play with those hash tables, and they are largely incomplete (for the NT hashes) . . . The complete LM hash rainbow table has been available for sale for a while, but this is the first one I’ve seen that is both complete and free – so in that sense – it's somewhat newsworthy on a slow news week. 🙂


Do folks really need another reason to disable the storage of the LM hash these days?
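
As an added example (not part of the original post), here is a small audit script that finds accounts still carrying a stored LM hash and shows why the two 7-character halves matter. It assumes a pwdump-style export with `user:rid:lm:nt:::` lines; the sample lines and their hash values are constructed, except for the well-known empty-half constant.

```python
import re

EMPTY_HALF = "aad3b435b51404ee"  # LM half for an all-null 7-byte chunk
EMPTY_LM = EMPTY_HALF * 2        # blank password / no LM hash stored
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample in the assumed user:rid:lm:nt::: layout. All hash values
# are made up except the well-known empty-half constant.
SAMPLE = """\
alice:1001:0123456789abcdef0fedcba987654321:11111111111111111111111111111111:::
bob:1002:0123456789abcdefaad3b435b51404ee:22222222222222222222222222222222:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
dave:1004:not-a-hash:44444444444444444444444444444444:::
"""

def audit(dump_text):
    """Return one finding per account that still has an LM hash stored."""
    findings = []
    for line in dump_text.splitlines():
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not a credential line
        user, lm = parts[0], parts[2].strip().lower()
        if not HEX32.match(lm) or lm == EMPTY_LM:
            continue  # nothing usable stored in the LM field
        first, second = lm[:16], lm[16:]
        findings.append({
            "user": user,
            "halves": (first, second),
            # An empty second half means the password had at most 7 characters.
            "max_len": 7 if second == EMPTY_HALF else 14,
        })
    return findings

def shared_halves(findings):
    """LM is unsalted, so equal halves mean equal (uppercased) 7-character chunks."""
    seen = {}
    for f in findings:
        for half in set(f["halves"]) - {EMPTY_HALF}:
            seen.setdefault(half, set()).add(f["user"])
    return {h: sorted(u) for h, u in seen.items() if len(u) > 1}

if __name__ == "__main__":
    results = audit(SAMPLE)
    for f in results:
        print(f"{f['user']}: LM hash stored, password length <= {f['max_len']}")
    for half, users in shared_halves(results).items():
        print(f"half {half} shared by {', '.join(users)}")
```

Every account this reports is a candidate for a password change once LM hash storage has been disabled, since the old LM value stays in place until the password is next set.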


 


Comments (2)

  1. Anonymous says:

    Usually I can't be bothered to check obvious things, but I decided to test the effectiveness of using rainbow tables to crack passwords in Windows. Actually, it's not so much the effectiveness of the method itself as the effectiveness of the tables available with ophc