Misplaced Pages

Rainbow table

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

This is an old revision of this page, as edited by 208.223.98.89 (talk) at 22:08, 10 March 2006 (External links). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 22:08, 10 March 2006 by 208.223.98.89 (talk) (External links)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

A rainbow table is a special type of lookup table that is constructed by placing a plaintext password entry in a chain of keys and ciphertexts, generated by a one-way hash. The end result is a table that contains statistically high chance of revealing a password within a short period of time, generally less than a minute. The success probability of the table depends on the parameters used to generate it. These include the character set used, password length, chain length, and table count.

Success probability is defined as the probability that the plaintext can be found for a given ciphertext. In the case of passwords, the password is the plaintext, and the hash of the password is the ciphertext, so the success probability is the probability that the original password can be recovered from the password hash.

Tables are specific to the hash function they were created for e.g., MD5 tables can only crack MD5 hashes. The theory of this technique was first pioneered by Philippe Oechslin as a fast form of time-memory tradeoff (PDF), which he implemented in the Windows password cracker Ophcrack. The more powerful RainbowCrack program was later developed that can generate and use rainbow tables for a variety of character sets and hashing algorithms, including LM hash, MD5, SHA1, etc.

The pre-computation time for generating quality (99.9% successful) Rainbow Tables requires a network of distributed computers working together for a long time. However, there are now sites online that have created these tables for sale and actually sell them at a reasonable price. Their computing resources and time can save you money and time and assure that you receive quality tables. One site that specializes in pre-computed, pre-sorted Rainbow Tables is http://passwordsecuritycenter.com.

Defense against rainbow tables

A rainbow table is ineffective against one-way hashes that include salts. For example, consider a password hash that is generated using the following function (where "+" is the concatenation operator):

hash = MD5(password + salt)

To recover the password, a password cracker would have to generate every possible salt for every possible password — a rainbow table would not give any benefit. However, given a password hash generated using the simpler, unsalted function:

hash = MD5(password)

In this case, a password cracker may benefit from a rainbow table.

Nearly all distributions and variations of Unix, Linux, and BSD use one-way hashes with salts, though many PHP web applications use just a hash (typically MD5) with no salt. The Windows NT/2000 family of windows uses the LAN Manager and NT LAN Manager hashing method and is also unsalted, which make it one of the more popularly generated tables.

External links

System - FREE


Stub icon

This computing article is a stub. You can help Misplaced Pages by expanding it.

Categories: