.1 million in 17 hours
-
robmacagain
- Boinc Warrant Officer Class 2
- Posts: 322
- Joined: Tue Apr 12, 2011 3:53 pm
- Location: Sassenachshire
#1 1 million in 17 hours
Woo hoo im chuffed with my kit as ive just done my 1st daily million credits (17 hours), pity it was because of a backlog on Distrrtgen but its a million after all .
.
-
Andy Manzie
#2 Re: 1 million in 17 hours
It does seem to be giving good credit when it is working. But i cant use it full time due to bandwidth issues.
Each unit has a 4.77Meg upload at the end of running. My GPU does a unit in 7 to 8 minutes. That equates to something like 30Gig a month in upload. I have limited bandwidth and i do like to use my computer for other things.
I have another concern with this project.
Quoting from their webpage
The goal of FreeRainbowTables.com is to prove the insecurity of using simple hash routines to protect valuable passwords, and force developers to use more secure methods.
By distributing the generation of rainbow chains, we can generate HUGE rainbow tables that are able to crack longer passwords than ever seen before.
Furthermore, we are also improving the rainbow table technology, making them even smaller and faster than rainbow tables found elsewhere, and the best thing is, those tables are freely available!
could these tables be misused for hacking?
Each unit has a 4.77Meg upload at the end of running. My GPU does a unit in 7 to 8 minutes. That equates to something like 30Gig a month in upload. I have limited bandwidth and i do like to use my computer for other things.
I have another concern with this project.
Quoting from their webpage
The goal of FreeRainbowTables.com is to prove the insecurity of using simple hash routines to protect valuable passwords, and force developers to use more secure methods.
By distributing the generation of rainbow chains, we can generate HUGE rainbow tables that are able to crack longer passwords than ever seen before.
Furthermore, we are also improving the rainbow table technology, making them even smaller and faster than rainbow tables found elsewhere, and the best thing is, those tables are freely available!
could these tables be misused for hacking?
-
robmacagain
- Boinc Warrant Officer Class 2
- Posts: 322
- Joined: Tue Apr 12, 2011 3:53 pm
- Location: Sassenachshire
#3
Yes i suppose they could, but dnetc and moo are basically the same thing rc5 code crackers and a few on here do them too.
Im sure that if anything untoward was happening then boinc surely would not allow them.
Im sure that if anything untoward was happening then boinc surely would not allow them.
-
Megacruncher
- G.L.S.B.
- Posts: 4765
- Joined: Mon May 29, 2006 11:33 pm
- Location: Edinburgh, Scotland
- Contact:
#4
My DistRTGen profile hints at moral misgiving about the project. It is fairly tongue in cheek but obviously hit a raw nerve & earned me this rather earnest reply from one of their leading lights
I'm sure they are respectable otherwise they'd have just sent the boys round to me!I approved your profile but wanted to send you a note.
"The moral rationale for this lets-improve-internet-security-by-hacking-passwords, a bit like me burgling all my neighbours in order to have them all rushout and buy alarms and window locks, is pretty suspect but hey! the credits are excellent."
Rainbow tables are pre-computed tables for attacking password hashes. Most of the big security breaches lately such as Sony PSN stored plaintext passwords and there were no hashes to break.
Some password storage just uses a hash (such as Microsoft password storage) and no salt. This makes the hashes vulnerable to pre-computation attacks. *nix password storage has been using salts since the 70s. Lots of webapps also just store an unsalted md5, sha1, etc. Also, you have to have the hashes in the first place. Some of our sets are actually being requested by CISSPs working in infosec for audits because there is about 1 company that sells tables and they cost $1000USD for a single table set.
I begin all my talks stating that if simple measures were taken that the project wouldn't exist and I wouldn't be talking. Yes, we really did start off with the goal of giving insecure password storage a greater spotlight so that we raised awareness to the point of making our project obsolete. However, it is failing to raise the awareness that it should and mostly we're focusing especially on the NTLM side for auditing.
If you'd like to learn more about the topic I've been invited to Norway and spoke twice on the topic:
http://securitynirvana.blogspot.com/201 ... nline.html
http://securitynirvana.blogspot.com/201 ... chive.html
I'm speaking from a less math/theoretic point of view and more practical side this Tuesday, http://dallas.naisg.org/meetings.asp, though sadly it will be audio recording only.
Our primary mirror for completed tables is hosted by a University in Italy and are working to find at least a secondary mirror or reliable hosting on a university network for torrent seeding.
James Nobis - quel
Willie the Megacruncher
-
PinkPenguin
#5
Looks like the Anti-Virus guys already cottoned onto this commercial strategy..."The moral rationale for this lets-improve-internet-security-by-hacking-passwords, a bit like me burgling all my neighbours in order to have them all rushout and buy alarms and window locks, is pretty suspect but hey! the credits are excellent."
Seems to be mostly about hacking windows passwords which is something of a social network pastime these days... only it's higher risk with windows... you might get infected! 8)