Found this off /. so if you have seen it there, you can stop reading. Interesting project where one can submit a md5 hash and in a few days (I presume) you get the plain text value of them. Currently the character set a-z;0-9 [8] is supported which means that hashes created from lowercase plain text with letters and/or digits upto a maximum length of 8 characters are supported. They user RainbowCrack for cracking which essentially is a hash cracker. While a traditional brute force cracker try all possible plain texts one by one in cracking time, RainbowCrack works by precomputing all possible plain text - cipher text pairs in advance and store them in the file so called “rainbow table“. It may take a long time to precompute the tables, but once the one time precomputation is finished, you are able to crack the cipher text pretty fast.

RainbowCrack itself is based on the faster time-memory trade-off algorithm by Philippe Oechslin. 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since. We propose a new way of precalculating the data which reduces by two the number of calculations needed during cryptanalysis. Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (2 37 ) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used.

For more information check out: