An archive of descrypt hashes for common non-personal passwords
MIT License
ken
's Salty Rainbowken
's Salty "Rainbow" is a search-engine-discoverable archive of descrypt (traditional Unix DES crypt) hashes for 7180 common passwords and variants - especially default passwords, temporary passwords, and generic operational/lab/development passwords.
Rainbow tables are largely dead for most password-cracking use cases (even for unsalted hashes).
But as the historical (and historic) salted hash, descrypt is a unique hybrid: slow enough to take time to exhaust, but fast enough (and truncated enough) to make naive lookup useful for non-specialists (who are desperate and Googling).
The descrypt hash format also still seems to be the default for a number of embedded platforms.
This all means that descrypt is perhaps the only standard salted hash for which a rainbow table (or other lookup) might still be useful - hence the name.
This repository should illustrate - to developers, embedded platform architects, and IoT manufacturers - that choosing descrypt has been a bad idea for some time ... and will only get worse.
(And to be clear, I think that descrypt was a pretty brilliant improvement when it was introduced, and I'm a huge fan. But its time has passed.)
Some Palo Alto gear uses 'admin' as the default password, configured by default with the same salt every time
fnRL/G5lXVMug:admin
DSL-2750u routers with PTCL firmware have these hard-coded default credentials:
admin kcCkosSQIzsyI:admin
user tFXuAIJGpWSdY:user
support 3YpechUwDY1Fc:support
'password' as many unsalted hashes: https://gist.github.com/roycewilliams/5e8d676ac4fe54fb7b6cb233b0721f57
'password' hashed with the first 10,000 rounds of MD5: https://gist.github.com/roycewilliams/794e4d7a81e7840deae29fdc7c03fa10
Common season+year+special passwords, major unsalted hashes: https://gist.github.com/roycewilliams/1603d23a4c5d3eda44fae348f6e0e954