Make Rainbow Tables Great Again
A Case for Rainbow Tables in 2019 and Beyond
Rainbow tables went out of style a few years ago when GPU-accelerated password cracking became popular. With tools like hashcat, it no longer made sense to invest the effort to obtain the existing obsolete tables. Furthermore, no GPU-accelerated open-source tools existed to create new tables with. For these reasons, the world of rainbow tables was forgotten by the infosec community.
However, rule-based cracking and rainbow table cracking were never exclusive strategies. They were (and still are, in fact) complementary. Rules are great at finding the patterns that users commonly set; rainbow tables are effective against fully random passwords, which can exist for highly sensitive accounts.
For example, if the database of NTLM password hashes for a Windows domain were obtained, the optimal strategy would be:
- Use hashcat to brute-force all 1-7 character passwords (this can be done quickly).
- Use hashcat to crack passwords based on rules (variable time).
- Use rainbow tables to break complex 8-character passwords (a few hours).
- Use rainbow tables to break complex 9-character passwords (a few days).
While brute-forcing 8-character passwords is very much possible with hashcat, it is inefficient to do so for smaller numbers of hashes:
Hashcat arguments used: "-m 1000 -a 3 -w 3 -O hashes.txt ?a?a?a?a?a?a?a?a"
As shown in the graph above, on a machine with an AMD Ryzen 1900X CPU and two AMD Vega 64 GPUs, hashcat takes roughly 38 hours to brute-force one hundred 8-character NTLM passwords, whereas the Rainbow Crackalack software (with the NTLM-8 tables) achieves a 93% success rate in just under 2 hours!
To further drive the point home, consider 9-character NTLM passwords (which are generally considered to be very strong). With the equipment above, brute-forcing just 25% of the 9-character space would take over 37 days. Once created, however, rainbow tables are estimated to achieve the same results in under 19 hours!
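The timings quoted above can be cross-checked against each other. The following is an added example, not code from the Rainbow Crackalack project. It assumes that hashcat's ?a charset holds 95 printable ASCII characters and that the 38-hour figure is a full sweep of the 8-character mask; the function names are illustrative.

```python
# Added example: cross-check the page's brute-force timings.
# Assumptions (not stated on the page): hashcat's ?a charset has 95 printable
# ASCII characters, and the 38-hour figure is a full sweep of the 8-char mask.

CHARSET_SIZE = 95          # ?a = ?l?u?d?s (26 + 26 + 10 + 33)
FULL_8_CHAR_HOURS = 38.0   # from the page: two Vega 64 GPUs, NTLM, mask ?a x 8


def keyspace(min_len, max_len=None):
    """Number of candidate passwords of length min_len..max_len over ?a."""
    if max_len is None:
        max_len = min_len
    return sum(CHARSET_SIZE ** n for n in range(min_len, max_len + 1))


def implied_rate():
    """Hashes per second implied by sweeping all 8-char candidates in 38 h."""
    return keyspace(8) / (FULL_8_CHAR_HOURS * 3600)


def sweep_hours(min_len, max_len=None, fraction=1.0):
    """Hours to try `fraction` of the candidates at the implied rate."""
    return keyspace(min_len, max_len) * fraction / implied_rate() / 3600


def report():
    """(label, hours, days) for each stage discussed on the page."""
    rows = [
        ("1-7 chars, full", sweep_hours(1, 7)),
        ("8 chars, full", sweep_hours(8)),
        ("8 chars, 93%", sweep_hours(8, fraction=0.93)),
        ("9 chars, 25%", sweep_hours(9, fraction=0.25)),
        ("9 chars, full", sweep_hours(9)),
    ]
    return [(label, round(h, 2), round(h / 24, 2)) for label, h in rows]


if __name__ == "__main__":
    print(f"implied rate: {implied_rate() / 1e9:.1f} GH/s")
    for label, hours, days in report():
        print(f"{label:<16} {hours:>10.2f} h {days:>8.2f} d")
```

Under these assumptions the 1-7 character sweep takes about 24 minutes, and 25% of the 9-character space takes about 37.6 days, which agrees with the "over 37 days" figure above.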
Overview of the Rainbow Crackalack Project
The Rainbow Crackalack project began in late 2018 with the following goals:
- Create high-quality, multi-platform, open-source software to generate rainbow tables and perform hash lookups with GPU acceleration. (done!)
- Create 8-character NTLM tables and distribute them for free. (done!)
- Create 9-character NTLM tables and distribute them for free. (ongoing)
- Add support for MD5, SHA-1, SHA-256 hashes, as these are actively used by custom web applications. (planned)
Without additional corporate & community support, tables covering 10% of the NTLM 9-character space can be generated by the end of 2019. A Kickstarter project has been created to seek additional funds to accelerate this goal and push towards the 50% range. Individual and corporate sponsorship levels are available!
The following example shows one hundred NTLM 8-character password hashes being cracked by the crackalack_lookup tool:
For additional examples, please see here.
June 11, 2019
Today marks the launch of the project! The source code for table generation and lookup is now available, along with tables targeting NTLM 8-character passwords. Our Kickstarter project aims to raise funds for more equipment so we can generate NTLM 9-character tables!
Get paid to work on open-source code! Below are tasks that we could use help with, along with the bounty attached to each (be sure to read carefully!).
Please contact us prior to submission to handle payment logistics.
1.) Improve FPGA Performance: $1,000.00
A proof-of-concept for running NTLM 8-character table generation on Amazon's EC2 F1 instances can be found here. Unfortunately, in its current state, its performance is utterly abysmal. Apply any optimizations necessary to the code and/or build system to improve the chains-per-second generation rate to over 125,000.
2.) Improve GPU Performance By 10%: $250.00 Claimed!
Improve the performance of NTLM 8-character generation on GPU hardware by 10% through optimization of the OpenCL kernel code, C host program, and/or build system. In order to claim the prize, performance must increase on at least one of the following machine setups:
- Ubuntu 18.04 + NVIDIA RTX 2070
- Ubuntu 18.04 + NVIDIA RTX 2060
- Ubuntu 18.04 + NVIDIA GTX 1660 Ti
- Ubuntu 18.04 + NVIDIA GTX 1070
Additionally, performance must not degrade on any of the above systems, including Ubuntu 18.04 + AMD Vega 64 (with latest open-source ROCm driver).
3.) Improve GPU Performance By 20%: $500.00 Claimed!
Requirements and goals are the same as above, but with at least 20% increase in performance. Note: even if the 10% bounty is unclaimed, achieving the 20%+ improvement gets you only $500, not $500 + $250.
Are you interested in helping us generate NTLM 9-character tables? Do you have modern GPU equipment?
Generate 5 tables for us, and we'll list your name here as a supporter. Generate 200 tables, and we'll mail you a free magnetic hard drive containing all NTLM 9-character tables (targeting 50% efficiency) as soon as they become available. Ships world-wide!
Please contact us to coordinate efforts!
Platinum Corporate Sponsors
Interested in sponsoring the project and getting your company logo listed here? Our Kickstarter project page has the options and pricing information.
NTLM 8-character tables can be downloaded for free via BitTorrent (486 GB).
Alternatively, for convenience, they can be purchased on an SSD hard drive with a USB 3.0 enclosure for just $99. Free standard shipping within the US. Expedited shipping options are available, as well as international shipping.