| Revision as of 21:28, 26 October 2005 edit217.9.84.239 (talk) →External Links← Previous edit | Revision as of 07:52, 29 October 2005 edit undoF (talk | contribs)Extended confirmed users, Pending changes reviewers, Rollbackers5,589 edits formatNext edit → | ||
| Line 1: | Line 1: | ||
| ⚫ | A '''rainbow table''' is a ] cracking method created by Philippe Oechslin that uses a faster time-memory trade-off technique (PDF). Lists of hashed passwords are pre-generated into files with a utility ''(rtgen)'' that allows for hashes to be cracked in a short period of time, generally less than a minute. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes. | ||
| ⚫ | ==Rainbow Tables== | ||
| ⚫ | A '''rainbow table''' is a cracking method created by Philippe Oechslin that uses a faster time-memory trade-off technique . Lists of hashed passwords are pre-generated into files with a utility ''(rtgen)'' that allows for hashes to be cracked in a short period of time, generally less than a minute. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes. | ||
| ⚫ | ==Defense against Rainbow Tables== | ||
| ===Defense against Rainbow Tables=== | |||
| A rainbow table is essentially worthless against one-way hashes that include tokens (or salts, in the case of 56-bit ]). For example, if a password hash is generated using the following function (where "." is the ] operator): | A rainbow table is essentially worthless against one-way hashes that include tokens (or salts, in the case of 56-bit ]). For example, if a password hash is generated using the following function (where "." is the ] operator): | ||
| hash = md5sum(password . token) | |||
| ...a password cracker would have to generate both every possible token for every possible password -- a rainbow table would not give any benefit. However, if a password hash is generated using the following function: | ...a password cracker would have to generate both every possible token for every possible password -- a rainbow table would not give any benefit. However, if a password hash is generated using the following function: | ||
| hash = md5sum(password) | |||
| ...a password cracker may benefit from a rainbow table. | ...a password cracker may benefit from a rainbow table. | ||
| Line 25: | Line 22: | ||
| * - Free ] rainbow tables. | * - Free ] rainbow tables. | ||
| * - Free online MD5 hash database. | * - Free online MD5 hash database. | ||
| *http://rainbowcrack.com/ - Community based distributed rainbow table generation | |||
| {{compu-stub}} | {{compu-stub}} | ||
Revision as of 07:52, 29 October 2005
A rainbow table is a one-way hash cracking method created by Philippe Oechslin that uses a faster time-memory trade-off technique (PDF). Lists of hashed passwords are pre-generated into files with a utility (rtgen) that allows for hashes to be cracked in a short period of time, generally less than a minute. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes.
Defense against Rainbow Tables
A rainbow table is essentially worthless against one-way hashes that include tokens (or salts, in the case of 56-bit DES). For example, if a password hash is generated using the following function (where "." is the concatenation operator):
hash = md5sum(password . token)
...a password cracker would have to generate both every possible token for every possible password -- a rainbow table would not give any benefit. However, if a password hash is generated using the following function:
hash = md5sum(password)
...a password cracker may benefit from a rainbow table.
Nearly all distributions and variations of Unix, Linux, and BSD use one-way hashes and salts, though many PHP web applications use regular MD5.
External Links
- Plain-Text Team - Largest Distributed Rainbow Table Cracking System (over 600gb of tables)
- Project RainbowCrack - Official site.
- RainbowCrack Tutorial - Tutorial on using Rainbow Tables.
- winrtgen - GUI for rtgen.
- PassCracking.com - MD5 online cracking.
- PassCracking.ru - MD5 online cracking + database.
- rainbowtables.shmoo.com - Free LanMan rainbow tables.
- gdataonline.com - Free online MD5 hash database.
- http://rainbowcrack.com/ - Community based distributed rainbow table generation
 | This computing article is a stub. You can help Misplaced Pages by expanding it. |