Password Crackers Utilize Hash

A trio of entrepreneurial hackers hope
to do for the business of password cracking what Google did for search
and, in the process, may remove the last vestiges of security from many
password systems.

Over the past two years, three security enthusiasts from the United States
and Europe set a host of computers to the task of creating eleven enormous
tables of data that can be used to look up common passwords.

The tables
– totaling 500GB – form the core data of a technique known as rainbow
cracking, which uses vast dictionaries of data to let anyone reverse
the process
of creating hashes – the statistically unique codes that, among other
duties, are used to obfuscate a user’s password.Last week, the trio went
public
with their service. Called RainbowCrack Online, the site allows anyone
to pay a subscription fee and submit password hashes for cracking.

This is no different that making skeleton keys or
selling kits that allow folks to pirate cable signals.  People
who care about or need secure systems will start using passwords that
rainbow tables
can’t crack. However, trying to pass themselves off as a legitimate
business and selling cracks from their web site, lacking a number of
legitimate customers, smacks us as about as smart as selling the other
kind of crack.

from the
Register