DistrRTgen is a distributed rainbow table generator.

More info about rainbow tables can be found on Wikipedia
The resulting tables are available for free on our main page freerainbowtables.com and on tbhost.eu

Rainbow tables is used by security professionals to do password auditing on systems.
The goal of DistrRTgen is to develop the technology further and create rainbow tables that can cover a larger range of passwords, ultimately forcing developers into using more secure mechanisms (salting the passwords)

Stats are exported, and the project url is http://boinc.freerainbowtables.com/distrrtgen/

They must be Exporting them to the Moon because none of the Major Stats Sites has picked them up at least 30 days now ...

They are showing up here for me.

I guess they do for me too here, I never think to look for them here though BOK's & BOINCSynergy don't show them yet, at least not as of this morning ...

You have any idea how to add the project to their sites?

Post in their fora as well

No not really, they could be in the Process of adding them, sometimes it takes a few days though. Or somebody has to Post in their Forums that the Project it Exporting States so they can add them...

My only concern about such projects is that they may help hackers, like TMRL did rather surreptitiously. And checking out the forums of DRTG, where it seems that some posters are interested in cracking system passwords, I cannot help wondering about the ethics of such efforts...

Clarifications welcome.

I second that

you'd better be concerned about encryption systems which are vulnerable to such rainbow-attacks. putting the threat to weak systems publically is not a problem, but pushing for better systems by proof of concept.

I am, but it seems that DRTG just enables hackers to explore such vulnerabilities. I don't really think that such projects even prove the concept, rather exploit an already proven concept.

Bar a clarification by the project owner, it's starting to look like DRTG will go the way of TMRL: out of my list.

The proof is already there since quite some time, that's not the problem.
Such a project will do quite little to raise the attention of the admins of weaker systems, it's imho mainly to provide people, who want to exploit weaker systems, with better tools.

I never crunched for the first hacker project, I won't do so for this one.

Hackers need help too so I'll keep it on my list, at least till I get my 100,000 there anyway ...

Hi everyone

I've looked at the project's main page and am rather puzzled by a few things.

* Who's running this project? Presumably one of the people is PowerBlade who started this thread, but who is PowerBlade? The other (or same) person involved, judging by the email address at the bottom of the main page, seems to be called Admin. My main project explains just one click from the index page who its people are.

* Where is the project being run from?

* The main page seems to be telling us that we all have 'hashes'. I didn't know this before but I'm always interested to learn. Can somebody please tell me what my hashes are and where I can find them?

* Can I crunch for this project without buying the disks, which at $400 and $550 seem rather expensive? If I can't afford that, how much data will I have to download?

* I see further down the main page that for each 24 hours of crunching I'll get 10 free credits. THANK YOU! MY MAIN PROJECT, CPDN, HAS NEVER OFFERED ME FREE CREDITS SO THIS IS A BIG INCENTIVE! The main page also says 'These credits can then be used for hash cracking any time.' I didn't know that BOINC credits could actually be used for anything, but I'm learning something new every day. I thought the projects gave credits to us crunchers. I didn't think we then had to use our credits to buy more workunits. Can PowerBlade please explain? And may I please also use my CPDN credits to crack codes and passwords?

* Near the bottom of the main page it says 'We do have costs to cover, so if you would like to buy extra credits, please email us.'. This is a genuinely innovative idea for a BOINC project. PowerBlade, to save Admin the trouble of replying to hundreds or thousands of emails asking the price of credits, could you please tell us here on the forum? (I shouldn't really say this, but I'm wondering how much it would cost me to catch up with PoorBoy's credits.) Or does the price of credits fluctuate like the stock market?

... Buying Credits, Free Credits, what ever happened to the good old fashion way of just buying or building a Computer & then Processing & Earning your Credits from a Project, or is that getting to be to Passé anymore ... ???

If their going to allow Buying Credits to me it's a slap in the face to those that actually spend the time to do the Wu's for them & I'll drop the project too for just that reason alone.

Oh, as far as those Tremendous 10 Free Credits for every 24 Hours of Processing goes do you realize thats less than .5 Credits Per hour, I don't think thats going to help you catch NEZ or anybody else for that matter in the near Future ...

Perhaps they aren't talking about BOINC credits. Maybe they are talking about credits that can be used against work submission, like at BURP.

Regardless, it's their project, and they can run it however they like. It is up to us, the individual crunchers, to decide if we will participate or not. Just like any other project.

Edit: And of course, I will crunch it, just like all other projects.

Until this is sorted out I'll remove the project from BAM! to prevent people from attaching to it on automatic pilot.

I hope so too, but like Zombie said it's their Project & it's up to each individual cruncher to make the decision whether to process for them or not, Personally I won't think any less or any more of a person whatever their decision is ...

I attached to the project using BAM. This action won't detach all my (our) machines will it? How do people detach if they want to, assuming they attached via BAM?

IMO, just leave it, and let people make their own decisions, just like with every project. Being educated on the issues is not a pre-requirement to vote. Likewise, I don't see why it should be for attaching to a project.

i'm sorry but as this project is not a official university project you can not expect people to spread their face all over the web. if we did so we sure would get some ugly *i hate your project* mails....



The main server rests in PBs house in Copenhagen.




every OS uses hashses to protect your system. example would be your login form. those passes are not saved in plaintext on your pc.



as you could have read, these disk are a not a requirement and b a offer to those people who want our finished tables but are not willing to download them. "As always, the tables are still freely available for download. You only need to pay if you don't want to download them, but rather recieve them on a disk." I think that answers that :/



This is not about BOINC credits. it is about the credits of our main site which can be used to submit hashes to our cracking system. these hashes are then being computed by the projects users, if they didnt change their settings not to do so.



As already said it is about the main pages credits, but im not quite sure how buyed credits get into the statistics as im not aware of anyone who has ever buyed some.


sooo i think i answered all your questions now and now its time for my opinion. you obviosly dont like our projekt, and thats ok.but please do not simply *misread* sth for purpose so you can blame us for it. this project may not be usefull for the everyday user, but as you can see from our tracker, there are many companys downloading our tables for penetration testing and we have quite some activ users.
We would be pleased if you did not remove our Project from your stats as it is a matter of individual decision.

the_drag0n

I agree. Instead I have put a warning message in the projects' description, so everybody can decide for him/her-self.

Thank you for the very detailed response, Dragon.

Now that Distributed Rainbow Tables is a BOINC project I think you need to edit your main web pages to make it clear each time whether you're referring to BOINC credits or internal project credits.

I also think that most BOINC members prefer for their own security and the security of their attached computer to know the real identity of at least one of the people running a project and the location of the project. This information should ideally be available directly from the project's index page. There's no requirement for BOINC projects to be run only, for example, from academic institutions. But total anonymity on the part of the admins of a private project does not instil confidence in all BOINC members. (I'm not saying you need to give a postal address or telephone number!)

On my main project, CPDN, the project researchers and programmers and some of the moderators provide email addresses that clearly show our real names. As far as I know none of us receive emails from members or the public telling us that they hate the project, even though the tasks are quite difficult to complete. You can see that mine's available to project members here and from every post I make.

i'll talk to PB about both tasks, and we'll prob name the hashcracking credits to coins or sth less confusing. also i will bring up the "personal presentation thing" but as i said he may decide that for himself wether he wants to post a photo or not. i personaly dont have a problem with sharing my mail.

the_drag0n

As the dragon already mentioned, these credits is specific to the old system we were running before BOINC.
"Credits" bought from the mainpage won't be included in the BOINC stats in any way. Its stored in another database.
I fully understand why your confused and its mainly because the info is outdated since we changed to BOINC. I will try to fix some of these issues soon (calling them coins or something like the_drag0n suggested)




All of the resulting tables is freely available from our mainpage (The torrents are down right now) and on http://tbhost.eu/ - All for free



We all have our opinions, and i respect yours. I also fully understand why you choose that way.



Its like a double edged sword. Yes, it *could* help hackers, but its also very helpful for security consultants. I know of at least 1 professional security company using our free "product" to test password strengths.
Regarding the usage for hackers. If they managed to retrieve the hashes from somewhere (eg. from a domain controller), they already need full admin access to the domain controller before they can retrieve the hashes. Why would they then need to crack the hashes?




It takes nothing to crunch for our project.
What it talks about is the result of the project. We currently have around 700GB of data available. Not everyone wants to download such amounts of data, and rather wanna order the tables on a disk