On 2017-03-27 20:25, Greg Freemyer wrote:
On Mon, Mar 27, 2017 at 2:06 PM, Carlos E. R. <> wrote:
You know about rainbow tables, right?
Yes. Not something in my realm, but I did read about them.
If so, in the pre-2005 or so era the universe of passwords was typically small enough that a full set of rainbow tables fit on a DVD. And MS hadn't started routinely using SALT yet.
Last I knew there were various websites that allowed you to send in the first part of an encrypted file. It would pull the encrypted password out of that fragment, then do a reverse password look-up with a rainbow table.
What you got back may not have been your actual password, but it was a password that would hash down to the same thing as your real password, and thus could be used to decrypt the file (PST).
== after a quick google
RE: Outlook 2003
--- An experiment has shown that on average it takes about a minute to recover an Outlook hash password using the brute force attack. However, the crypto analysis of CRC32 has revealed that the algorithm is completely reversible for short passwords (up to 4 characters) and partially reversible for all others. That means, one can recover the original password or its CRC32 equivalent password, that will be indistinguishable for Outlook, almost instantly. It has been proven that it requires not more than 7 characters to pick a collision (password with the same checksum as the original password). ---
So at that time, it seems the entire universe of PST passwords could be mapped down to a 7 character password. So to have near instant cracking speed, all you need is a rainbow table with every possible 7-char password in it.
Modern rainbow tables often have every possible 10 or 12 char password.
If you feel like experimenting, you could also try to attack the PST with "John". John the ripper is in the distro (zypper in john; sudo /usr/bin/john).
fyi: The purpose for John being in the distro is so you can find unacceptably weak passwords. Basically if john can crack the password, it is too weak.
Interesting. Yes, I have used john sometime. I remembered something else. There was no password for email, there was a password to the entire computer (or rather, the network profile), via AD of the time. But setup in a paranoid mode. I had to enter a password composed from a remembered password plus a code that was read from a little clock style device that would churn one code per minute. Something like 6 or 8 letters, perhaps numbers. Too long ago to remember. What interests me are some personal emails that can be there. I routinely moved email to local archives (there was a 2 GiB limit to the size of any mail folder), and I have full access to those. But not to the last week, I think. Nothing important after all this time. In case of doubts, per the local legislation I do have rights to that email store. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))