This topic started from these two topics:
DistrRTgen Client / (Beta) Linux Client / rcracki source
Table Distribution / New HTTP mirror, please leech

I downloaded these files and found that the tables have flaws in them that makes 1 in 7.20 chains valid for this table. So 86.1% of the chains are bad.
md5_loweralpha-space#1-9_3_10000x26165576_distrrtgen[p][i]_21.rt
md5_loweralpha-space#1-9_3_10000x26165576_distrrtgen[p][i]_21.rt.index

*.rt file format [starting index] [16 least significant bits of the ending index] [check points]...:


*.rt.index file format [prefix] [first chain position] [number of chains]...:

[f9 ff ff 03] [08 00] should be [00 00 00 00] [01 00] this was cause by the file split 3fffff9 + 8 = 4000001 so the first 7 are in the previous file and the last one is in this file. So the very first chain is not going to be usable but it's prefix is 0x0007122586.

Now combining the data from *.rt and *.rt.index you get:

I tested them and the two chains marked are the only valid ones.

Then I basically brute forced the starting points and got:


This can be fixed in one of two ways:
The best way that I can think of to fix it is to have a 3rd file with all the missing data: *.rt, *.rt.index, and like "*.rt.extrastart". Basically the starting points didn't fit in the field PB provided them in the *.rt files, so some of the data got cut off. The "*.rt.extrastart" would have one byte for every chain in that file index, so each file will be 64 MiB except the last file will be smaller. Then PB would need to require everyone to upgrade their clients to a stable version that is at least version 3.2. So that we don't need to have the "*.rt.extrastart" files for the tables that will be generated from then on.

The other way is to brute force the starting index, but this will make it take a lot longer to crack a password since it will need to check on average 5 to 6 times more starting points.

if PB still has the original tables, it's probably nicer to just perfect & index everything again?

If we did that then everyone would need to throw away all their tables that they downloaded. Which won't make many people happy. Well we could always use write a converter program that takes the extra data in "*.rt.extrastart" and adds it into the *.rt files. And the file sizes could stay the same if we just get rid of the check bits byte since it's not being used in the tables that are broken.

So there will be two different indexed tables ones with check bits and one with that byte used for the starting password index.

or maybe do all the options... so the 'new' visitors will download the 'clean' tables, and people that already downloaded the broken tables will be able to choose for a fix or to download the clean ones...

I will dwelwe deeper into these suggested problems.

New problem compiling rcracki under Linux x86:

Not new: search forum you'll find the answer.

Essentially you need to comment out the whole of the oracle hash function to compile on Linux.

Maybe we should use a macro to auto comment it out,if linux is used.
Sincerly your goodvirus

ok i dont understand a fuck what zou*re talking about, but all i get is that the tables are incorrect.
now the page says all tables will be reuploaded....
how high will the success rate be after the tables are corrected?

and : will the old tables still be usefull in any way? because i just finished downloading the ntml 1-7 alpha num sys32 (33gb) and i would be a bit pissed if i had to redownload them

Well... yeah... you kinda need to re-download them either that or PB can make a converter from the broken indexed tables to the new *.rti tables. Only PB or anyone who has the originals can create the "*.rt.extrastart," really fast, as mentioned here:

You can brute force the "*.rt.extrastart" but it will take a month or two by yourself.

atleast 99.9% for each completed tableset. (It will show you in the download section)



They are still a little useful, but they don't have the full success %. We used them to crack hashes in the last 2 months on the website.
If you want the full success %, you should download them again. I'm sorry for the troubles.




While investigating the issue you mentioned, i also found a flaw in the index files so they may not point to the correct position in the .rt file, thus being even more flawed. The only solution i could see is to redestribute the tables.
This time I'm 100% sure its working just as it should. I was able to convert rt -> rti -> rt and get the same file back, where conversion from rti -> rt was done using rti2rto

i can understand that this will be a pain in the *ss for some people, but at least we can now continue with clean tables...

any idea on the new hybrid tables and when you'll release those? the first small ones (loweralpha-6-6,numeric1-3) already gave some nice results, so i'm really anxious to test the next ones

So when I use rti2rto on the original tables, I don't get the same success % as the new released tables?

You use rti2rto on the new indexed tables to convert them into the old tables. So that you can use any program you want to crack passwords.
The tables named *[i]*.rt and *[i]*.rt.index are broken and don't have the same success rate as the original tables.
The new tables named *[i]*.rti and *[i]*.rti.index have the same success rate as the original tables.

Hi,
just to be sure, must i delete the tables i downloaded before:
ntlm_loweralpha-numeric-symbol32-space#1-7_x_10000x67108864_distrrtgen[p][i]_xx.rt
ntlm_loweralpha-numeric-symbol32-space#1-7_x_10000x67108864_distrrtgen[p][i]_xx.rt.index

and wait to re download the futur one as soon as they will be available, or can i convert these the file?

More over does the "old" rcracki ok or not?

thanks
Alone