Rainbow Tables

Talk Electrician Forum

One for Steps I think! ;)

Anyone though really.

Does anyone know how many characters Rainbow Tables go up to, please?

No I'm not looking to get them or use them, and if you don't know, it may be better we don't explain! ;)

Thanks in advance.

 
 Tut tut....you of all people ;)

Edit; As far as I've ever seen, rainbow tables are mostly used for unsalted MD5 hashcodes so this would define their size. 

 
You can get massive tables that include everything from lower alpha numeric to symbols, spaces etc. They are heavy in drive footprint but the biggest problem is the processing power required to run them. They have tables available here and there's also a forum attached that might be worth a look for more technical info.

 
I'm not trying to do anything, but I was wondering what sort of level of password would be required to protect against such an attack on, say, WEP, WPA, OS X, Linux, Windows etc.

 
WEP is child's play and WPA/WPA2 is only marginally better. Neither requires rainbow tables, anyone who's even remotely clued up would go after the hard coded pin and not the admin level p/word.

 
A long random passcode of 15 digits will keep brute force and rainbow table attacks out for a good while unless you are playing against some evil empire

Ensuring your WiFi SSID is unique (e.g. not Netgear) complicates matters further as wifi rainbow tables are specific to an SSID which forms part of the hash

(So speeding hacking up by using rainbow tables is slowed down by having to generate a custom set.) WPA2 is the only consumer setting that has a chance of being secure against the 'kids in the know'.

MAC whitelists are a complete waste of time, so are hidden SSIDs - they only complicate life for you!

If your router has a WPS (button /PIN based set-up) TURN IT OFF in the settings !!! If there is no off setting look for updated firmware that will have this option (WPS so flawed it is now shown to be easy to crack)

If you are trying to protect something that really needs protection then commercial grade policies, equipment and firewalls are needed (Cisco, Ruckus et al) . Consumer grade stuff simply cannot be made secure enough for banking, patient records etc.
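The point above about SSID-specific tables, as an added example that is not part of the original post: WPA/WPA2-PSK derives its key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a table precomputed for one network name gives no hits for another. The candidate passphrases, the SSID `workshop-7f3a` and the helper names are constructed for illustration; `passphrase_bits` assumes every character is chosen uniformly at random.

```python
import hashlib
import math


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def build_table(ssid: str, candidates: list) -> dict:
    """Precompute key -> passphrase for ONE SSID (what a WiFi lookup table stores)."""
    return {wpa2_pmk(p, ssid): p for p in candidates}


def lookup(table: dict, pmk: bytes):
    """Return the passphrase if the key is in the table, else None."""
    return table.get(pmk)


def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Search space in bits for a uniformly random passphrase."""
    return length * math.log2(alphabet_size)


# Constructed sample data, not taken from any real table.
CANDIDATES = ["password", "letmein123", "sunshine2010"]
COMMON_SSID = "NETGEAR"
UNIQUE_SSID = "workshop-7f3a"


def demo():
    """Same weak passphrase on two networks, checked against a NETGEAR-only table."""
    table = build_table(COMMON_SSID, CANDIDATES)
    on_common = lookup(table, wpa2_pmk("letmein123", COMMON_SSID))
    on_unique = lookup(table, wpa2_pmk("letmein123", UNIQUE_SSID))
    return on_common, on_unique


if __name__ == "__main__":
    hit, miss = demo()
    print("default SSID lookup:", hit)    # table built for this SSID finds it
    print("unique SSID lookup:", miss)    # same passphrase, different salt: no hit
    print("15 random printable chars: %.1f bits" % passphrase_bits(15, 94))
    print("15 random decimal digits:  %.1f bits" % passphrase_bits(15, 10))
```

A unique SSID only removes the precomputation shortcut; a passphrase that appears in a wordlist can still be tested directly against that SSID, which is why the length and randomness of the passphrase matter as well.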

 
Keep it coming guys, some good ideas, yes it is for my home (business) address, some of the things are already implemented, some are not.

I am using a business router, Draytek, though still learning about this side as the networking I've done before has always been downstream of the security & the clients' IT guys have "poked the holes" in their systems for me!

I am looking at putting a disk drive here that I can access remotely, hence the thoughts about security because at the moment, I have NO externally initiated connections allowed.

This I'm guessing will need to change?

 
If your router has a WPS (button /PIN based set-up) TURN IT OFF in the settings !!! If there is no off setting look for updated firmware that will have this option (WPS so flawed it is now shown to be easy to crack)
I agree, WPS is a hacker's best friend but on many devices turning it 'off' just disables the interface and leaves it running in the background so never assume it's off, rather do some research on your particular device and make sure it is actually disabled.

 
Marvo, agree but I think most vendors have finally got the message now so it's really just about switching it off and then keeping firmware up to date.

Remember also that all this is great but if someone is able to access the physical network at any point to add an extra access point or to access / change router or wifi settings via default admin passwords it's all been a waste of time.....

 
21 characters IIRC

always use a PW at least 22 characters long,

it's something to do with the sheer computing power required for anything larger,

I'm fairly certain 21 character 'standard' Rainbow tables are somewhere in the region of 40Gigs :eek:

mine are on the other PC and I don't have access to it just now.

 
OK, just read this thread through,

the biggest danger is IP copying, even if you lock your IPs or MAC addresses they can be cloned on another machine,

a sniffer will simply inject a signal into your system and wait for a denial of access from your router [or whatever],

it will then read a part of this signal and keep repeating until it has gained the permitted access addresses,

once they have been obtained the sniffer will sit on the system waiting for you to connect when it will read your encrypted PW,

it will only be able to read a small part of the PW at a time, but each time you 'talk' to your system it will gain a bit more knowledge,

this is almost impossible to safeguard against, as opposed to being able to block 'bruteforce' attacks that use Rainbow tables etc,

have a look here

it's a nasty world out there,,,,,,,,,,

 