OPHCRACK (the time-memory-trade-off-cracker)
Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman's original trade-off, with better performance.
- Making a Faster Crytanalytical Time-Memory Trade-Off, Philippe Oechslin, Advances in Cryptology - CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 2003, Proceedings. Lecture Notes in Computer Science 2729 Springer 2003, ISBN 3-540-40674-3
This paper describes the use of Rainbow tables and compares their performance with the best variants that have been used before.
- Rainbow tables explained, Ph. Oechslin, (ISC)2 Newsletter, Mar-Apr 2005
A simple explanation of rainbow tables. If you got a headache reading the first paper, this one is for you!
- Les compromis temps-mémoire et leur utilisation pour casser les mots de passe Windows, Philippe Oechslin,Symposium sur la Sécurité des Technologies de l'information et de la Communication SSTIC, Rennes, June 2004
This french paper describes how to paramentrize rainbow tables to get the best performance and how to estimate the performance of the tables beforehand.
- Time-Memory Trade-Offs: False Alarm Detection Using Checkpoints, Avoine, Junod, Oechslin, The 6th International Conference on Cryptology in India - Indocrypt 2005
This paper describes a new improvement which significantly reduces cryptanalysis time while using only a minute amount of memory.
- Reducing Time Complexity in RFID Systems, Avoine, Dysli, Oechslin, The 12th Annual Workshop on Selected Areas in Cryptography (SAC'05)
Time memory trade-offs also have laudable uses! In this paper we explain how rainbow tables can effectively protect your privacy.
- The latest version of Ophcrack, is available from Sourceforge
The original Ophcrack v1.0a is available as Zipfile with sources, linux and windows binaries.
Free table sets for the Windows LM hash and for the Windows NT Hash are available on Sourceforge.
Links to commercial tables with larger character sets can also be found at the same place.
The on-line demo has moved to the web site of Objectif Securite. Feel free to go there and crack your alphanumerical passwords in seconds.
StatisticsAverage running time for of the demo, using table set SSTIC04-2.7k (1.1GB) alphanumeric passwords: 1.67 seconds paswords with one non-alphanumeric half (half cracked): 26.14 seconds passwords with two non-alphanumeric halves (not cracked): 42.14 seconds Cracking times may vary when the server is also doing other calculations
Philippe Oechslin, Last modified:April 3rd 2006