Our great sponsors
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
john
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Even in md5 or sha1, as long as it's salted with a truly random salt, a rainbow table will do nothing because the salt makes the hash different given the same input. However, the problem with older hashes lies in the amount of time needed to compute the hash itself. A salted md5 takes basically the same amount of time to create the hash as a regular md5, so if you look at something like the hashcat benchmarks you can see that both md5 and md5($pass.$salt) are about 65GH/s using an rtx 3090 (and md5($salt.$pass) being right behind them at 36GH/s); that's 65 billion hashes created and checked every second, without a rainbow table. Also, bcrypt was published in 1999 with blowfish in 1993, I'd hazard a guess that's what they're using; if you check for bcrypt, it's only 92kH/s. If they have updated their hashing alg since then, then they're likely using argon2 since it's the new standard since 2013 and available in public domain, which isn't even supported in hashcat yet, though is in john (but only CPU cracking and not GPU yet).
Even in md5 or sha1, as long as it's salted with a truly random salt, a rainbow table will do nothing because the salt makes the hash different given the same input. However, the problem with older hashes lies in the amount of time needed to compute the hash itself. A salted md5 takes basically the same amount of time to create the hash as a regular md5, so if you look at something like the hashcat benchmarks you can see that both md5 and md5($pass.$salt) are about 65GH/s using an rtx 3090 (and md5($salt.$pass) being right behind them at 36GH/s); that's 65 billion hashes created and checked every second, without a rainbow table. Also, bcrypt was published in 1999 with blowfish in 1993, I'd hazard a guess that's what they're using; if you check for bcrypt, it's only 92kH/s. If they have updated their hashing alg since then, then they're likely using argon2 since it's the new standard since 2013 and available in public domain, which isn't even supported in hashcat yet, though is in john (but only CPU cracking and not GPU yet).
Even in md5 or sha1, as long as it's salted with a truly random salt, a rainbow table will do nothing because the salt makes the hash different given the same input. However, the problem with older hashes lies in the amount of time needed to compute the hash itself. A salted md5 takes basically the same amount of time to create the hash as a regular md5, so if you look at something like the hashcat benchmarks you can see that both md5 and md5($pass.$salt) are about 65GH/s using an rtx 3090 (and md5($salt.$pass) being right behind them at 36GH/s); that's 65 billion hashes created and checked every second, without a rainbow table. Also, bcrypt was published in 1999 with blowfish in 1993, I'd hazard a guess that's what they're using; if you check for bcrypt, it's only 92kH/s. If they have updated their hashing alg since then, then they're likely using argon2 since it's the new standard since 2013 and available in public domain, which isn't even supported in hashcat yet, though is in john (but only CPU cracking and not GPU yet).