Overview
The biggest problems with rainbow tables right now are their size and their search speed. The tables are very large, and searching them requires very fast drives to provide acceptable performance. Fortunately, there's a solution to this! Cryptohaze WebTables give you all the benefits of rainbow tables (fast searching) without having to fully download the tables! Plus, a centralized server can be fitted with fast drives and the cost spread among many users.
Samples
If you want to try out WebTables, you can use the sample server set up with len6 MD5 and NTLM tables. Simply download the latest version of the rainbow table tools, then run it with:
GRTCrack-[Platform] -f [hashfile] -h [hashtype: MD5/NTLM] --tableurl http://freetables.cryptohaze.com/webtables.php
This will use the example tables on the freetables server to attempt your len6 MD5 or NTLM passwords. All the computation happens on your local system - only the searching is done remotely! This server may be under heavy utilization and slower than optimal: in good cases, you can get a search rate of 3000+ hashes/second, and this slows when many people are using it. Other servers I have set up do not suffer nearly as badly. ;-)
Hash Disclosure
One obvious question is, "What is sent to the server?" Right now, the full list of candidate hashes, in sorted order, is sent. This DOES include the specific hashes you are searching for, so if your rules of engagement state that you cannot let hashes leave, this won't work for you. However, there is no way to tell which of the hashes sent are the target ones, which may be acceptable. In a future revision, I will be adding support to prevent sending the actual target hashes - so the only data sent will be generated candidates minus the target hashes (which are normally included in the candidates).
Another factor to consider is that the data sent to the server is NOT the full hash - it is only the first few bytes of the hash (typically 8 bytes or fewer). This means that the entire hash is never sent.
If you have more specific questions on hash disclosure, feel free to ask on the forum or email me directly. I will also be adding SSL support to the servers shortly, ensuring the candidate hashes are well protected in transit.
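To check the disclosure described above against your rules of engagement, the following added example (not Cryptohaze code and not the tool's actual wire format) models the upload as a sorted, de-duplicated list of truncated hashes and reports what an observer of that list holds about the targets, for both the current behaviour and the planned one. The function names, the 8-byte prefix default and the sample digests are assumptions made for illustration.

```python
import hashlib

PREFIX_BYTES = 8  # assumption; the page says "typically 8 bytes or fewer"


def build_payload(candidates, targets, prefix_bytes=PREFIX_BYTES, strip_targets=False):
    """Model the upload: truncated candidate hashes, de-duplicated and sorted.

    strip_targets=False models the current behaviour (targets are part of the
    candidate list); strip_targets=True models the planned revision.
    """
    target_prefixes = {t[:prefix_bytes] for t in targets}
    prefixes = {c[:prefix_bytes] for c in candidates} | target_prefixes
    if strip_targets:
        prefixes -= target_prefixes
    # Sorting orders entries by value, so position says nothing about origin.
    return sorted(prefixes)


def audit(payload, targets, prefix_bytes=PREFIX_BYTES):
    """Summarise what an observer of the upload holds about the targets."""
    sent = set(payload)
    return {
        "full_hash_sent": any(t in sent for t in targets),
        "target_prefixes_sent": sum(t[:prefix_bytes] in sent for t in targets),
        "bits_disclosed_per_target": 8 * min(prefix_bytes, len(targets[0])),
        "bits_withheld_per_target": 8 * max(len(targets[0]) - prefix_bytes, 0),
        "payload_entries": len(payload),
    }


def sample_data(n_candidates=1000):
    """Constructed input: MD5 digests of made-up strings, not real hashes."""
    targets = [hashlib.md5(b"constructed-target-%d" % i).digest() for i in range(2)]
    candidates = [hashlib.md5(b"constructed-candidate-%d" % i).digest()
                  for i in range(n_candidates)]
    return candidates, targets


if __name__ == "__main__":
    candidates, targets = sample_data()
    for strip in (False, True):
        payload = build_payload(candidates, targets, strip_targets=strip)
        print("strip_targets=%s" % strip, audit(payload, targets))
```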
Other Tables
I am working on adding a subscription service to support other tables. If you are interested in WebTable access to len7 or len8 tables right now, please email me and I'll see if I can hook you up!
~Bitweasil