Rainbow table: Difference between revisions

Browse history interactively ← Previous edit Next edit →Content deleted Content addedVisual WikitextInline

Revision as of 01:26, 17 November 2005 editF (talk \| contribs)Extended confirmed users, Pending changes reviewers, Rollbackers5,589 edits rvv← Previous edit		Revision as of 10:13, 18 November 2005 edit undo64.34.165.134 (talk) link to time-memory/space-time tradeoffNext edit →
Line 1:		Line 1:
	A '''rainbow table''' is a ] cracking method created by Philippe Oechslin that uses a faster time-memory ~~trade-off~~ technique (PDF). Lists of hashed passwords are pre-generated into files with a utility ''(rtgen)'' that allows for hashes to be cracked in a short period of time, generally less than a minute. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes.		A '''rainbow table''' is a ] cracking method created by Philippe Oechslin that uses a faster ] technique (PDF). Lists of hashed passwords are pre-generated into files with a utility ''(rtgen)'' that allows for hashes to be cracked in a short period of time, generally less than a minute. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes.

Revision as of 10:13, 18 November 2005

A rainbow table is a one-way hash cracking method created by Philippe Oechslin that uses a faster time-memory tradeoff technique (PDF). Lists of hashed passwords are pre-generated into files with a utility (rtgen) that allows for hashes to be cracked in a short period of time, generally less than a minute. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes.

Defense against Rainbow Tables

A rainbow table is essentially worthless against one-way hashes that include tokens (or salts, in the case of 56-bit DES). For example, if a password hash is generated using the following function (where "." is the concatenation operator):

hash = md5sum(password . token)

...a password cracker would have to generate both every possible token for every possible password -- a rainbow table would not give any benefit. However, if a password hash is generated using the following function:

hash = md5sum(password)

...a password cracker may benefit from a rainbow table.

Nearly all distributions and variations of Unix, Linux, and BSD use one-way hashes and salts, though many PHP web applications use regular MD5.

External links

Plain-Text Team - Largest Distributed Rainbow Table Cracking System (over 600gb of tables)
Project RainbowCrack - Official site.
RainbowCrack Tutorial - Tutorial on using Rainbow Tables.
winrtgen - GUI for rtgen.
PassCracking.com - MD5 online cracking.
PassCracking.ru - MD5 online cracking + database.
rainbowtables.shmoo.com - Free LanMan rainbow tables.
http://rainbowcrack.com/ - Community based distributed rainbow table generation

This computing article is a stub. You can help Misplaced Pages by expanding it.

Category:

Computing stubs