Presentation on theme: "Password Cracking With Rainbow Tables"— Presentation transcript:
1Password Cracking With Rainbow Tables Spencer Dawson
2Summary What are rainbow tables? What are the advantages/disadvantages A time and memory tradeoff in password cracking.A piecewise approach to one-way hashesWhat are the advantages/disadvantagesBest usesLimitationsHow to use rainbow tables.
3What are rainbow tables? A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash functionApproach invented by Martin HellmanThe concept behind rainbow tables is simpleMake one-way hash functions two way by making a list of outputs for all possible inputs up to a character limit
4What are the limitations? Rainbow Tables are LargeA rainbow table set for windows NTHASH exactly 8 characters including only 0-10, a-z, A-Z, and the symbols !* is 134.6GB9+ character rainbow tables can take up terabytes of space.Generating rainbow tables requires more time than a brute force attackAlways “worst case” time complexity.Requires access to the password hashSalting passwords can make the approach unfeasable
5Hash Table AdvantagesRainbow Tables are built once, and used many timesFastPassword lookups become a table search problemThe brute force work is pre-computedPerfect for cracking weak hashesWindows LM hashes of 14 characters or less can be cracked with trivial effortAny non salting password hash can be cracked easily