Rainbow tables vs. Traditional John the Ripper style

2 replies [Last post]
cisc0ninja's picture
SX Crew
Joined: 2008/03/17

I'm kind of leaning toward the fact that Rainbow table has a good methodology in reference to when you brute force something the application your using to do so has to create a hash and then compare it to the one you're trying to crack.
And if I am correct, which I may not be, the rainbow tables are pre-computed hashes, so common sense tells us that if the hash is already computed that's taking part of the cpu processing power out of the equation because it's already been done.

The argument here is that supposedly the amount of time it takes to create the hash and even before attempting it, is so minuscule that using an application like john the ripper in it's traditional brute forcing form, will actually crack the password faster.

Part of this is due to the fact that the way john was/is programmed says "let me try this method first" which is a very structured way of testing out the more common and weaker possibilities first.

Where as with rainbow tables you're going in the set order they were created so it's like if my password was the letter "z" and the i've created hashes for letters "a-x" i haven't gotten to "z" yet so there's no way I'm going to crack it.
Even if I have created all "a-z" it's still going to start with "a" every time vice starting with letters that might sound like "z" or look like "z".

It seems as though using John is a much more convenient and possibly "the smarter" way to go about password cracking.
But, if you've got the time, and the processing power, and the storage space, which is all becoming more and more obtainable, why not do some tables and see for yourself?

Any thoughts?

"He who knows his own weakness, knows more of himself than he who has none."