0

Can someone tell me the what length passwords have been hashed, in every possible combination, in rainbow tables? In MD5 and SHA1. Including all characters (letters upper and lower case, numbers and symbols). In other words, is there a table that has every possible combination of 8 characters? How about 9?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Dimitriou Chemistry
  • 1
  • 1
  • 1
    Unfortunately product recommendations are explicitly off topic for this site. The issue is that such answers become outdated very quickly. Sorry! You'll have to check another corner of the internet. – Conor Mancone Oct 18 '19 at 16:42
  • Unfortunately, questions of the type "where can I find X?" are off-topic as the answers are open-ended and potentially never-ending. – schroeder Oct 19 '19 at 22:41
  • I don't understand these flags. I did not ask for a product recommendation, nor did I ask where to find something. – Dimitriou Chemistry Oct 21 '19 at 15:36

1 Answers1

1

It's doubtful that a rainbow table containing every combination of 8-character passwords exists, because the size of such a rainbow table would be enormous.

Assume (conservatively) that there are 80 different characters that can be used in passwords (i.e. 26 uppercase letters, 26 lowercase letters, 10 digits, and 18 symbols). This means that there are 1.67*10^15 different combinations of 8-character passwords (80^8). A SHA1 hash is 160 bits, or 8 bytes. So, for each password combination, 8 bytes would need to be stored in a SHA1 rainbow table. So, the total number of bytes that the rainbow table would consume is 1.34*10^16 (8 * 1.67*10^15). That's over 13,000 terabytes.

You can do similar calculations to estimate how many bytes would be consumed by rainbow tables containing shorter length passwords of every combination:

8 characters: 13,421 TB
7 characters: 167 TB
6 characters: 2.1 TB
5 characters: 26 GB
4 characters: 327 MB
mti2935
  • 19,868
  • 2
  • 45
  • 64
  • You seem to be under the oft-repeated misapprehension that ‘rainbow table’ means an _exhaustive_ table of password hashes. There is a tunable tradeoff, in chain length, between table size and success probability. The [original paper](https://link.springer.com/chapter/10.1007/978-3-540-45146-4_36) presents a case study of a rainbow table for Windows LAN Manager passwords, which are effectively 7 characters long, requiring only 1.4 GB of storage for 99.9% success probability; you are claiming a factor of about 120 000 times more storage space than is actually needed for this password length. – Squeamish Ossifrage Oct 19 '19 at 01:09