I read this Ethical Hacker article on rainbow tables a few months ago. It provides a pretty good introduction to what they are and how they work, and gets you started on how to use them.
The key takeaway is in the conclusion (where it belongs) - which I quote in its entirety here:

As you can see Rainbow Tables and RainbowCrack are powerful password auditing tools. The best course of action to protect yourself is to not allow the storage and use of LAN Manager (LM) passwords on your network if you don’t absolutely need to and to create and enforce a strong password policy that will force the storage and use of passwords as NTLM and not LM. Additionally, the time to compute and space requirements of complex Rainbow Tables should limit the use of them to only determined attackers or auditors. A strong password policy, strong domain security policy, and keeping up with your patches and updates are your best safeguards against password attacks.

Excellent advice.

