LWN: Comments on "Rainbow tables for password cracking" https://lwn.net/Articles/208418/ This is a special feed containing comments posted to the individual LWN article titled "Rainbow tables for password cracking". en-us Mon, 06 Oct 2025 23:05:56 +0000 Mon, 06 Oct 2025 23:05:56 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net Rainbow tables for password cracking https://lwn.net/Articles/296781/ https://lwn.net/Articles/296781/ stuartdenley RainbowCrack is a general propose implementation, the lan manager table can be used to break windows password. Stuartdenley <a rel="nofollow" href="http://www.crackcocaineaddictiontreatment.com">Crack Cocaine</a> Wed, 03 Sep 2008 20:19:49 +0000 Rainbow tables for password cracking https://lwn.net/Articles/210637/ https://lwn.net/Articles/210637/ dmenest The MD5 password hash is a lot more complicated than a simple MD5 hash. In fact, the code to generate the password hash calls the simple MD5 hash routine more than 1000 times. So you won't be able to do it easily on the command line without a program that calls the crypt() function for you.<br> Wed, 22 Nov 2006 01:33:08 +0000 Rainbow tables for password cracking https://lwn.net/Articles/210176/ https://lwn.net/Articles/210176/ jond Very interesting. Forgive my ignorance, but how is the hash then stored? I use md5 passwords (at least I told the installer to do so ;). <br> <p> If I setup a temp user with password Ior3yaeW, I get the following:<br> <p> temp:$1$.K4dEqjn$pHNfFwq4BAUHf7TcUScuJ1:13470:0:99999:7:::<br> <p> so if I echo Ior3yaeW.K4dEqjn | md5sum ; what do I do to _that_ to get pHNfFwq4BAUHf7TcUScuJ1 ?<br> Sat, 18 Nov 2006 14:39:53 +0000 Rainbow tables for password cracking https://lwn.net/Articles/209971/ https://lwn.net/Articles/209971/ jake <font class="QuotedText">&gt; Unfortunately, it seems as if all of my many Debian-based systems use "1" as the salt.</font><br> <p> No, the salt is actually between the next 2 dollar signs ... $1$salt$hash<br> <p> $1$ indicates the format of the password ...<br> <p> hope that helps!<br> <p> jake<br> Fri, 17 Nov 2006 04:14:59 +0000 Rainbow tables for password cracking https://lwn.net/Articles/209967/ https://lwn.net/Articles/209967/ zaitseff <blockquote>The best defense against rainbow tables is &lsquo;salt&rsquo;, which has been a part of UNIX passwords since near the beginning of time (UNIX epoch time anyway) [&hellip;] Linux MD5 passwords store the salt between two dollar signs in the password field in <code>/etc/shadow</code>.</blockquote> <p>Unfortunately, it seems as if <em>all</em> of my many Debian-based systems use "1" as the salt. Are other GNU/Linux systems different? I am guessing that this would depend on the version of the <code>shadow</code> package being used on the system.</p> Fri, 17 Nov 2006 02:53:28 +0000 Rainbow tables for password cracking https://lwn.net/Articles/208730/ https://lwn.net/Articles/208730/ dvrabel I assume LWN stores salted and hashed passwords?<br> Fri, 10 Nov 2006 11:31:15 +0000 Rainbow tables for password cracking https://lwn.net/Articles/208536/ https://lwn.net/Articles/208536/ drfickle Great article. I don't think I've seen many web apps which salt the passwords.<br> Thu, 09 Nov 2006 15:42:21 +0000