Darth Null had a nice writeup on how to make crypt(3) rainbow tables. After being told that the salt made it impossible to generate Rainbow Tables, unless you went through the trouble to create 4096 different tables (one for each salt) the reason cited was the presence of the two-character salt at the beginning of the hash. He went out and devised a solution couple of nights later, it was able to actually read, write, and process crypt(3) hashes in their native form (as opposed to a flat hexadecimal dump of the hash). He wanted to submit it for schmoocon but didnt get accepted , so rather than sit on the information, he decided to release it on his blog.
- Instead of generating 4096 tables of 1-8 character passwords, just create 1 table of 3-10 character passwords, and use the 1st two characters of the plaintext passwords as the salt. (That part will make more sense if you read the paper.)
- It’s still kind of slow: 9x slower than LM hashes, for example. But CPUs are much faster than they were in 2003, when people first started building tables for LM hashes.
- It also takes a lot of storage. But storage, likewise, is much cheaper than it was seven years ago.
The whitepaper can be found here: http://bit.ly/ij8hQU