Last update: 01/17/2005
Can I crack linux password with RainbowCrack?
No. Salt is used to randomize the stored password hash. With different salt value, same password yeilds different hash value. The time-memory trade-off technique used by RainbowCrack is not practical when appliable to this kind of hash.
Can I crack lm/ntlm hash obtained via network packet capture with RainbowCrack?
No. Any "challange-response" style hash is not possible, just like those salted ones.
What king of hash can the time-memory trade-off technique be applied to?
Any raw hash can be applied, for example lanmanager, md5, sha1...
What is the main difference between brute force and time-memory trade-off technique?
With brute force, we repeat all computation in cracking time, which is slow.
With time-memory trade-off technique, we do the long time computation in advance and store the result in files, the precomputed data can be used any times for instant cracking. Normally, several years of computation effort can be saved in tens of GB of data.
How does RainbowCrack store plaintext, ciphertext pairs in rainbow table?
Plaintext,ciphertext pairs are organized in rainbow chains. Each chain takes 16 bytes in RainbowCrack, storing about rainbow chain length - 1 plaintext, ciphertext pairs. Rainbow chains are stored one by one in rainbow table file, so the size of a rainbow table file is 16*rainbow chain count bytes.
How can I add new hash algorithm support to RainbowCrack?
You must modify the RainbowCrack source to support new hash algorithm. In source code of RainbowCrack 1.2, open file HashRoutine.cpp and add your hash algorithm like this:
CHashRoutine::CHashRoutine()
{
AddHashRoutine("myhash", HashMy, 16);
}
The prototype of AddHashRoutine is:
void AddHashRoutine(string sHashRoutineName, HASHROUTINE pHashRoutine, int nHashLen);
sHashRoutineName: name of the hash routine, don't use character "_" as part of the hash routine name please
pHashRoutine: function pointer of the hash routine, the prototype is:
typedef void (*HASHROUTINE)(unsigned char* pPlain, int nPlainLen, unsigned char* pHash);
pPlain: [in] plaintext to be hashed
nPlainLen: [in] plaintext length
pHash: [out] hash of the plaintext
int nHashLen: output length of the hash algorithm, for example MD5 has an output length 16
Of course you need implement your hash routine "HashMy" somewhere else, for example in HashAlgorithm.cpp with prototype in HashAlgorithm.h.
And now, rebuild the source and generate the rainbow tables of your hash algorithm like this:
rtgen myhash loweralpha 1 7 0 100 16 test
It seems the space character is missing in configuration #3, #4, how can I add it?
If you need the space character in these tables, it is suggested to use configuration #5 and #6 instead, as listed in "Rainbow Table" section of RainbowCrack site.
configuration #5 use charset "alpha-numeric-symbol14-space":
alpha-numeric-symbol14-space = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+= ]
configuration #6 use charset "alpha-numeric-symbol32-space":
alpha-numeric-symbol32-space = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]
I run rtgen.exe command line for two times with same parameters. But the generated tables are different. why?
Each rainbow table consists of a lot of rainbow chains. Each rainbow chain consists of a starting point and an end point. In RainbowCrack, the starting point is randomly generated and the end point is computed based on the starting point. As a result, tables of same parameters will be binary different. However, the function will be same.
How can I distribute the table generation process?
The table generation process can be natively distributed. Each table set consists of a lot of rainbow table files. To generate each rainbow table file, a rtgen.exe command line is involved. You can run different rtgen.exe command line on different computers to save overall table generation time. When finished, copy all table files together, sort them and they will work.
Does RainbowCrack support large rainbow table file (multiple gigabit)?
RainbowCrack doesn't support rainbow table file equal or larger than 2GB. This is a limitation as we are using 32-bit value to store the file size. In fact, the rtgen utility will never allow you to generate a file with 134217728 or more rainbow chains, the rtsort and rcrack simply doesn't support large file.
However, RainbowCrack do support rainbow table up to any size by storing a large table in different small files. For example, to generate a table of 10 GB, we can store all data in 10 files with following rtgen commands:
rtgen ... 0 rainbow_chain_length 67108864 0
rtgen ... 0 rainbow_chain_length 67108864 1
......
rtgen ... 0 rainbow_chain_length 67108864 9
10 files of 1 GB will be generated. Physically they belong to different files, but logically all these files belong to same rainbow table as they are using same rainbow table index "0". There is no negative performance impact for rcrack utility if we span same table in different files.