![]() ![]() This process repeats a number of times until you have a final hash. Then the hash itself is taken as a new password (I think it's adjusted for the valid input chars) and a new hash calculated. For each "initial password", its hash is computed. Not all hashes are actually stored in the precomputed tables. Tbone, I don't know if you accounted for this in your calculations.Īlso, this explanation might be useful for the casual reader: Ergo your precalculated tables would collapse into a black hole long before you got the chance to use themĮdit: Crikey, my spelling and typing goes to hell after midnight! The Chandrasekhar limit is approximately 10^27 tons. If you had some kind of medium that could store 100GB of data in one millionth of a gram, you would have 6.75 * 10^177 tons of storage. ![]() To paraphrase:Īssuming you even had the computing power to precaluclate the factors of all 200 digit numbers, you would need approximately (9 * 10^200) * 665 bits to store them all. ![]() Feel free to use google's HTML translation of it instead. There's a powerpoint lecture on this at hxxp://but powerpoint slides piss me off. NTLMv2 increased it to 128 bits, which still isn't really strong encryption by most modern standards, but it at least ups the ante when it comes to how much space it takes to store precalculated hashes.Īt some point this approach becomes downright impossible. This type of attack is only useful because of the small keyspace for NTLM. Precaluclation isn't all that new of an idea in the codebreaking world, but the fact that it can be done so easily on NTLM underscores how weak that system is. I've heard of people using this approach before for NTLM password hashes - usually they can store all the precalculated hashes on a CD. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |