ken's Salty "Rainbow"

ken's Salty "Rainbow" is a search-engine-discoverable archive of descrypt (traditional Unix DES crypt) hashes for 7180 common passwords and variants - especially default passwords, temporary passwords, and generic operational/lab/development passwords.
Rainbow tables are largely dead for most password-cracking use cases (even for unsalted hashes).
But as the historical (and historic) salted hash, descrypt is a unique hybrid: slow enough to take time to exhaust, but fast enough (and truncated enough) to make naive lookup useful for non-specialists (who are desperate and Googling).
The descrypt hash format also still seems to be the default for a number of embedded platforms.
This all means that descrypt is perhaps the only standard salted hash for which a rainbow table (or other lookup) might still be useful - hence the name.
This repository should illustrate - to developers, embedded platform architects, and IoT manufacturers - that choosing descrypt has been a bad idea for some time ... and will only get worse.
(And to be clear, I think that descrypt was a pretty brilliant improvement when it was introduced, and I'm a huge fan. But its time has passed.)
- Some Palo Alto gear uses 'admin' as the default password, configured by default with the same salt every time:
  fnRL/G5lXVMug:admin
- DSL-2750u routers with PTCL firmware have these hard-coded default credentials:
  admin kcCkosSQIzsyI:admin
  user tFXuAIJGpWSdY:user
  support 3YpechUwDY1Fc:support
- All 4096 valid salts for the original descrypt algorithm are used here. Some implementations of descrypt may use invalid characters in the salt.
- Because descrypt truncates passwords at eight characters, "actual" passwords (as intended by the person who chose them) may vary.
- Yes, I know that this isn't actually a rainbow table. That would be massive overkill for this use case. Instead, we harness the power of search-engine indexing of GitHub. I just couldn't pass up the name.
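As an added example (not part of this repository's own tooling), the following Python handles the lookup side of what this archive offers: it validates the 13-character descrypt format (telling the 4096 salts of the original algorithm apart from salts that use characters outside the alphabet), indexes `hash:password` / `username hash:password` lines like the ones above, flags salt reuse across a set of hashes (the "same salt every time" pattern), and dedupes candidate passwords by their 8-character prefix. It does not compute DES itself; the sample lines are the entries quoted above plus one constructed malformed line, and all function names are this example's own.

```python
"""Format checks and lookup helpers for descrypt (traditional DES crypt) hash lists.

Added example, not the repository's code. It does not implement DES; it only
deals with the 13-character hash format and the hash -> password lookup step.
"""
import re
from collections import Counter

# The 64-character alphabet used by descrypt's 2-character salt and 11-character body.
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# One line of the archive: optional username, 13-char hash, ':', then the password.
_LINE = re.compile(r"^(?:(?P<user>\S+)\s+)?(?P<hash>\S{13}):(?P<pw>.*)$")


def all_valid_salts():
    """Every salt the original algorithm accepts: 64 * 64 = 4096 two-character strings."""
    return [a + b for a in SALT_ALPHABET for b in SALT_ALPHABET]


def classify_hash(h):
    """'descrypt' for a well-formed hash, 'descrypt-invalid-salt' when the body is
    well-formed but the salt uses characters outside the alphabet (some
    implementations do this), 'not-descrypt' otherwise."""
    if len(h) != 13 or any(c not in SALT_ALPHABET for c in h[2:]):
        return "not-descrypt"
    if all(c in SALT_ALPHABET for c in h[:2]):
        return "descrypt"
    return "descrypt-invalid-salt"


def parse_entries(text):
    """Parse archive lines into (username_or_None, hash, password) tuples.
    Comment lines, blank lines and lines that are not descrypt-shaped are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m or classify_hash(m.group("hash")) == "not-descrypt":
            continue
        entries.append((m.group("user"), m.group("hash"), m.group("pw")))
    return entries


def build_index(entries):
    """Map hash -> password so a shadow-file entry can be checked in one dict lookup."""
    return {h: pw for _, h, pw in entries}


def lookup(index, h):
    """Return the known password for a hash, or None if it is not in the archive."""
    return index.get(h)


def salt_reuse(hashes):
    """Salts that appear on more than one hash in the given set. Accounts or devices
    that all share one salt were not given a random salt, which is exactly what lets
    a precomputed per-salt list work against them."""
    counts = Counter(h[:2] for h in hashes if classify_hash(h) != "not-descrypt")
    return {s: n for s, n in counts.items() if n > 1}


def dedupe_by_truncation(candidates):
    """descrypt only looks at the first 8 characters, so candidates sharing an
    8-character prefix hash identically; keep the first of each group, in order."""
    seen, kept = set(), []
    for c in candidates:
        key = c[:8]
        if key not in seen:
            seen.add(key)
            kept.append(c)
    return kept


# Sample input: the entries quoted in the README above plus one constructed
# non-descrypt line to show that it is ignored.
SAMPLE_LIST = """\
# constructed sample list for this example
fnRL/G5lXVMug:admin
admin kcCkosSQIzsyI:admin
user tFXuAIJGpWSdY:user
support 3YpechUwDY1Fc:support
$1$notdes$garbage:ignored
"""

ENTRIES = parse_entries(SAMPLE_LIST)
INDEX = build_index(ENTRIES)

if __name__ == "__main__":
    print(len(all_valid_salts()), "valid salts")
    for h in ("fnRL/G5lXVMug", "kcCkosSQIzsyI", "a:bcdefghijkl", "zzzzzzzzzzzzz"):
        print(h, classify_hash(h), lookup(INDEX, h))
    print("salt reuse:", salt_reuse(["fnRL/G5lXVMug", "fnRLabcdefghi", "kcCkosSQIzsyI"]))
    print("deduped:", dedupe_by_truncation(["password", "password1", "passw0rd"]))
```

On a real device, `lookup` would be fed the hash field from `/etc/shadow` (or the platform's equivalent); a hit means the account is on a published default/common-password list and should be changed, and a non-empty `salt_reuse` result across several devices of the same model is a sign that the firmware generates its salt deterministically.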
- 'password' as many unsalted hashes: https://gist.github.com/roycewilliams/5e8d676ac4fe54fb7b6cb233b0721f57
- 'password' hashed with the first 10,000 rounds of MD5: https://gist.github.com/roycewilliams/794e4d7a81e7840deae29fdc7c03fa10
- Common season+year+special passwords, major unsalted hashes: https://gist.github.com/roycewilliams/1603d23a4c5d3eda44fae348f6e0e954
- https://setuprouter.com/common-passwords/
- https://github.com/jeanphorn/wordlist
- https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-Credentials
- F5 attack article
- F5 IoT article
- WrenSecurity opendj password-with-all-crypt-salts.txt
- https://datarecovery.com/rd/default-passwords/
- https://en.wikipedia.org/wiki/List_of_the_most_common_passwords
- https://www.openwall.com/passwords/wordlists/password-2011.lst
- https://github.com/rapid7/metasploit-framework/blob/master/data/wordlists/default_pass_for_services_unhash.txt
- Kali Hydra list
- NCCGroup 2010 descrypt rainbow-table article
- Ars Technica article
- john-users 2015 thread on rainbow tables
- When names outlive their usefulness (Sean Cassidy)