Security firm Mandiant has released a rainbow table intended to recover Net-NTLMv1 passwords, a move designed to showcase the weaknesses of the deprecated hashing scheme and pressure organizations to migrate away from NTLMv1. The data set is hosted in Google Cloud and consists of precomputed hash-to-password mappings that can map a stolen Net-NTLMv1 hash back to its plaintext password.
Rainbow tables exploit NTLMv1’s limited keyspace, making the construction of cross-hash tables straightforward compared with newer hashing methods. While rainbow tables have existed for years, the new release highlights the potential for faster password recovery using consumer hardware rather than specialized gear.
In a statement, Mandiant said the NTLMv1 rainbow table could enable defenders and researchers (and, regrettably, malicious actors as well) to recover passwords in under 12 hours using hardware costing less than $600. The organization argues that releasing these tables lowers the barrier for demonstrating NTLMv1’s insecurity without requiring sensitive data uploads to third parties or expensive equipment.
Security experts caution that NTLMv1 persists in some high-assurity networks due to legacy applications and downtime concerns. The guidance remains clear: disable Net-NTLMv1 where possible and migrate to NTLMv2 or other modern authentication mechanisms to reduce the risk of credential compromise.
