Presentation on theme: "Password Cracking With Rainbow Tables"— Presentation transcript:
1 Password Cracking With Rainbow Tables Spencer Dawson
2 Summary What are rainbow tables? What are the advantages/disadvantages A time and memory tradeoff in password cracking.A piecewise approach to one-way hashesWhat are the advantages/disadvantagesBest usesLimitationsHow to use rainbow tables.
3 What are rainbow tables? A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash functionApproach invented by Martin HellmanThe concept behind rainbow tables is simpleMake one-way hash functions two way by making a list of outputs for all possible inputs up to a character limit
4 What are the limitations? Rainbow Tables are LargeA rainbow table set for windows NTHASH exactly 8 characters including only 0-10, a-z, A-Z, and the symbols !* is 134.6GB9+ character rainbow tables can take up terabytes of space.Generating rainbow tables requires more time than a brute force attackAlways “worst case” time complexity.Requires access to the password hashSalting passwords can make the approach unfeasable
5 Hash Table AdvantagesRainbow Tables are built once, and used many timesFastPassword lookups become a table search problemThe brute force work is pre-computedPerfect for cracking weak hashesWindows LM hashes of 14 characters or less can be cracked with trivial effortAny non salting password hash can be cracked easily