Password Cracking

I’ve written in the past about how I use SAMINSIDE and Rainbow Tables to audit passwords. I also wrote how I disabled LANMAN hash storage and as a result the LANMAN Rainbow Tables attack wouldn’t be working anymore.
In the interim I’ve been using brute force attacks looking for 8 character passwords that consist entirely of lower alphas. I’ve also tried brute force attacks that tack numbers on to the end and make the first letter an upper case.
This week, I found a NTLM Rainbow Table for lowercase alphabetical passwords of length 1 through 8. While we now require stronger passwords than this, I thought it was worth trying out. The pre-calculated tables attack has been running for a couple of days. I’m pretty sure that the brute force attack for lower alphas of length 8 did not take this long.