Mandiant releases rainbow table that cracks weak admin password in 12 hours
4 months ago
- Mandiant released a rainbow table database for cracking passwords protected by Microsoft’s NTLMv1 hash algorithm.
- The rainbow table allows password recovery in under 12 hours using consumer hardware costing less than $600.
- NTLMv1 remains in use in sensitive networks due to legacy app dependencies and migration downtime concerns.
- NTLMv1 is vulnerable due to its limited keyspace and reliance on single DES with 56-bit keys.
- NTLMv2, while still vulnerable to brute force when passwords are weak, is not susceptible to rainbow tables because of the random entropy it adds.
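
To make the single-DES point concrete, the sketch below is an added example (not code from Mandiant or Microsoft) showing how an NTLMv1 response keys its three DES operations from the 16-byte NT hash. It goes one step beyond the summary above by following the published NTLM response layout, which is why password length does not enlarge the keyspace; the function names and the sample hash are constructed for illustration.

```python
# Added illustration: deriving the three single-DES keys NTLMv1 uses.
# SAMPLE_NT_HASH is a constructed 16-byte value, not a real credential.
SAMPLE_NT_HASH = bytes(range(1, 17))


def expand_des_key(chunk7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes (7 bits each) and set odd parity."""
    if len(chunk7) != 7:
        raise ValueError("DES key material must be exactly 7 bytes")
    bits = int.from_bytes(chunk7, "big")        # 56-bit integer
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F   # next 7 bits, MSB first
        byte = seven << 1                       # low bit is the parity bit
        if bin(byte).count("1") % 2 == 0:       # enforce odd parity
            byte |= 1
        out.append(byte)
    return bytes(out)


def ntlmv1_des_keys(nt_hash: bytes) -> list[bytes]:
    """Pad the NT hash to 21 bytes and cut it into three DES keys."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    padded = nt_hash + b"\x00" * 5              # fixed zero padding
    return [expand_des_key(padded[i:i + 7]) for i in (0, 7, 14)]


def secret_bits_per_key(hash_len: int = 16) -> list[int]:
    """Count how many bits of each 7-byte chunk come from the hash itself."""
    counts = []
    for start in (0, 7, 14):
        hash_bytes = max(0, min(hash_len, start + 7) - start)
        counts.append(hash_bytes * 8)
    return counts


if __name__ == "__main__":
    for key, bits in zip(ntlmv1_des_keys(SAMPLE_NT_HASH), secret_bits_per_key()):
        print(key.hex(), f"secret bits: {bits}")
```

Each key encrypts the same 8-byte server challenge independently, so the strength of the response is capped at one 56-bit DES key regardless of how strong the password is, which is the reason migration to NTLMv2 or Kerberos is the fix rather than a password policy change.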