4

First off...I passed the CISSP exam. WOOOO. I had to get that out. GCIH and CEH by Sept. 11'

So, while studying for the technical side of things, I see that there are rainbow tables. They are pre-hashed to compare the victim's hashed password (from shadow or SAM), but there are many different hashing algorithms out there. So does there have to be a rainbow table for each and every algorithm AND I have to run the comparison through every algorithm?

In other words how am I to know which algorithm was used: MD5, SHA-1, NTLM, LANMAN?

Are the passwords from one system like Windows 7 always going to be in NTLMv2, and Unix always going to be in MD5 - or can a user modify his system and specify the algorithm to use for his system's passwords - like SHA-256?

Bruno Rohée
  • 5,221
  • 28
  • 39
Abdu
  • 511
  • 4
  • 12
  • 2
    Congrats, welcome to the club. 2 bottles of water, a pint of heartburn and a bunch of beta questions to screw with your confidence later. I still think it's great the whole thing is still done with pencil and scantron. – Ori Jul 05 '11 at 07:58
  • Congratulations Abdu! – Rory Alsop Jul 05 '11 at 13:54
  • 1
    Did you search for 'rainbow tables' before asking your question? Possible duplicate of [What are rainbow tables and how are they used?](http://security.stackexchange.com/questions/379/what-are-rainbow-tables-and-how-are-they-used) – this.josh Jul 05 '11 at 16:10
  • The other half is a duplicate of [cryptanalysis - How to determine what type of encoding/encryption has been used? - IT Security - Stack Exchange](http://security.stackexchange.com/questions/3989/how-to-determine-what-type-of-encoding-encryption-has-been-used) – nealmcb Jul 05 '11 at 22:38

3 Answers3

5

Hum many questions in one

M'vy
  • 13,033
  • 3
  • 47
  • 69
3

@M'vy has the specific answers to your questions.

In terms of a broader answer as to how it works in practice:

What we used to do was keep a range of Rainbow tables and if we had no indication as to algorithm we would just start with the most likely in a particular environment and work through them - using a script to do this makes it very easy, and if it ends up being in the last table it still takes hardly any time.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
1

Normally you know the hash function from context. If you are trying to crack a password then this password is valuable to you, in that it would grant you access to some data or service somewhere, which you specifically target. So one has to assume that you already know the kind of system (in particular if you succeeded in grabbing a list of hashed passwords from a database, then you saw the database), and this often includes knowledge of the password hashing function. Moreover, in systems which support several types of hash function (like the /etc/shadow file on Unix systems), the kind of hash is encoded along the hash value, because, by nature, the system itself must know it.

Remember that hashed passwords are intended to be used by some software, somewhere, which exists as executable files and source code. On a general basis, software cannot be considered to be secret, and reverse engineering is quite effective at uncovering the kind of processing that is done on data.

For Windows, passwords tend to be processed with two hash functions, the old LM (LanMan), and the newer NT Hash (which is MD4). There is also a "password verifier" used in some part, which is "salted" with the user name (not a good salt, really: every "Administrator" is called "Administrator"). See this page for details. LM hash is extremely weak and was used as the demonstration testbed to show the effectiveness of rainbow tables; fortunately, it is disabled by default in newer systems (since Vista). However, the NT hash is still quite weak (not as abysmal as LM, but still) since it is very fast (a single MD4 invocation...) and unsalted (thus making it worthwhile to build precomputed tables, such as rainbow tables).

Thomas Pornin
  • 320,799
  • 57
  • 780
  • 949