Reply To: Password Cracking question, what do we use instead of rainbow tables?

#365740

PwdRsch

A rainbow table typically focuses on one hash type, with one cost/iteration value. So you would need multiple tables for general cracking purposes. That starts taking up a lot of disk space, which may be more difficult to manage. Just one [NTLM 9-character rainbow table](https://www.positronsecurity.com/blog/2020-04-02-rainbowcrackalack-project-releases-ntlm-9-character-rainbow-tables/) weighs in at 6.7 terabytes. And if you don’t have the right table type you can’t crack any of the passwords.

Live GPU cracking for most hash types is king. GPUs and the right software (like Hashcat) can provide you with adequate speed and flexibility to attempt to crack just about any hash type. As you mention, GPU cracking can scale fairly well, either with multiple cards in a single system or distributed.

Plus, our knowledge of common password formats has increased a ton in the past few decades thanks to large password database breaches and information sharing between password crackers. So while GPUs can’t crack all passwords, they tend to be pretty effective (90%+) for most environments. Head to head, GPUs aren’t as fast as rainbow tables, but they tend to come out ahead in general usefulness.
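
Added illustration, not part of PwdRsch's post: a toy rainbow table over constructed 4-digit PINs, showing that a table built for one hash type and iteration count recovers nothing once either parameter changes. The keyspace, chain length, function names and the use of SHA-256/SHA-512 are assumptions made for the demo.

```python
import hashlib

KEYSPACE = 10_000  # constructed toy keyspace: 4-digit PINs "0000".."9999"
CHAIN_LEN = 40     # columns per chain (assumed toy value)

def digest(pw: str, algo: str, cost: int) -> bytes:
    """Unsalted hash applied `cost` times; `algo` is any hashlib name."""
    data = pw.encode()
    for _ in range(cost):
        data = hashlib.new(algo, data).digest()
    return data

def reduce_to_pin(h: bytes, column: int) -> str:
    """Map a digest back into the keyspace, differently in each column."""
    return f"{(int.from_bytes(h[:8], 'big') + column) % KEYSPACE:04d}"

def build_table(algo: str, cost: int, starts) -> dict:
    """Keep only chain end -> start points, for ONE (algo, cost) pair."""
    table = {}
    for start in starts:
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce_to_pin(digest(pw, algo, cost), col)
        table.setdefault(pw, []).append(start)  # chains can share an end
    return table

def lookup(table: dict, algo: str, cost: int, target: bytes):
    """Return the plaintext behind `target` if a chain covers it, else None."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_to_pin(target, col)  # assume target sits in column `col`
        for c in range(col + 1, CHAIN_LEN):
            pw = reduce_to_pin(digest(pw, algo, cost), c)
        for start in table.get(pw, []):  # end matched: replay to confirm
            cand = start
            for c in range(CHAIN_LEN):
                if digest(cand, algo, cost) == target:
                    return cand
                cand = reduce_to_pin(digest(cand, algo, cost), c)
    return None

# Constructed demo: 500 chains built for SHA-256 with one iteration.
STARTS = [f"{i:04d}" for i in range(0, KEYSPACE, 20)]
TABLE = build_table("sha256", 1, STARTS)

def demo(pin: str = STARTS[7]):  # a chain's start is always covered
    """Same PIN hashed three ways, all looked up in the one table."""
    return [lookup(TABLE, "sha256", 1, digest(pin, algo, cost))
            for algo, cost in (("sha256", 1), ("sha256", 2), ("sha512", 1))]
```

Only the first lookup in `demo()` returns the PIN; the same PIN hashed with a second iteration or a different algorithm is a miss, which is why each parameter combination needs its own table on disk.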