| Revision as of 10:13, 18 November 2005 edit64.34.165.134 (talk) link to time-memory/space-time tradeoff← Previous edit | Revision as of 10:42, 18 November 2005 edit undo64.34.165.134 (talk)No edit summaryNext edit → | ||
| Line 1: | Line 1: | ||
| A '''rainbow table''' is a special type of ] that is constructed by placing a plaintext password entry in a chain of keys and cyphertexts, generated by a ]. The end result is a highly compressed table that contains statistically high chance of revealing a password within a short period of time, generally less than a minute. The success probability of the table depends on the parameters used to generate it. These include the character set used, password length, chain length, table count. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes. The theory of this technique was first pioneered by Philippe Oechslin as a fast form of ] (PDF). | |||
| A '''rainbow table''' is a ] cracking method created by Philippe Oechslin that uses a faster ] technique (PDF). Lists of hashed passwords are pre-generated into files with a utility ''(rtgen)'' that allows for hashes to be cracked in a short period of time, generally less than a minute. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes. | |||
Revision as of 10:42, 18 November 2005
A rainbow table is a special type of lookup table that is constructed by placing a plaintext password entry in a chain of keys and cyphertexts, generated by a one-way hash. The end result is a highly compressed table that contains statistically high chance of revealing a password within a short period of time, generally less than a minute. The success probability of the table depends on the parameters used to generate it. These include the character set used, password length, chain length, table count. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes. The theory of this technique was first pioneered by Philippe Oechslin as a fast form of time-memory tradeoff (PDF).
Defense against Rainbow Tables
A rainbow table is essentially worthless against one-way hashes that include tokens (or salts, in the case of 56-bit DES). For example, if a password hash is generated using the following function (where "." is the concatenation operator):
hash = md5sum(password . token)
...a password cracker would have to generate both every possible token for every possible password -- a rainbow table would not give any benefit. However, if a password hash is generated using the following function:
hash = md5sum(password)
...a password cracker may benefit from a rainbow table.
Nearly all distributions and variations of Unix, Linux, and BSD use one-way hashes and salts, though many PHP web applications use regular MD5.
External links
- Plain-Text Team - Largest Distributed Rainbow Table Cracking System (over 600gb of tables)
- Project RainbowCrack - Official site.
- RainbowCrack Tutorial - Tutorial on using Rainbow Tables.
- winrtgen - GUI for rtgen.
- PassCracking.com - MD5 online cracking.
- PassCracking.ru - MD5 online cracking + database.
- rainbowtables.shmoo.com - Free LanMan rainbow tables.
- http://rainbowcrack.com/ - Community based distributed rainbow table generation
 | This computing article is a stub. You can help Misplaced Pages by expanding it. |