Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.

Published byCameron Hudnell Modified over 10 years ago

Similar presentations

Presentation on theme: "By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic."— Presentation transcript:

1 by Wild King

2 Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic function. Rainbow Tables offer a TIME-MEMORY trade-off for the above process. Rainbow Tables consist of a set of arrays. Each array includes data which is there for later use (look- ups).

3 A hashing function is a very deterministic and well defined procedure which is usually a mathematical function which is used to convert a series of data ( e.g. plain text, passwords, phone numbers, file names etc.) into a datum of our liking. Reasons : Encryption Data Transmission Correction Data Compression Other Useful Terms : Hash values, hash codes, hash sums, checksums or simply hashes. Hashing Collision

4 In the field of Computer Security, hashes are widely used as a method to protect the data that is transmitted between computer systems, from outside attacks such as a Man in the Middle Attack. Hello Im John Give me your pass My pass is : lamepass Now I know too!

5 Hello, Im E234BC59984CD Give me your pass My pass is : FF3451100C ?!?!?!?!?!?!

6 First of all to crack the Hash back to its original plain text we need to know the Hashing Function ( algorithm) that was used to generate the Hash. Then we usually use the most common way of cracking, that is called Brute Forcing. Generally Brute Forcing a hash consists of us trying every single option of the original unknown plain text, through the hashing function. If there is a match then we have found our original text.

7 Hashing functions most of the times consist of many, time consuming, processor hungry mathematical calculations. This is done very quickly of course for one hash. But it gets really slow when the original text: Is long Uses alphanumeric characters Uses special characters (e.g. : $ % &) This way calculations can easily take hours, days, months, even years. And this is something not efficient.

8 The solution to this problem are the Rainbow tables. The general idea of the Rainbow Tables is that we pre compute a great deal of the hashes, and then we store them into tables, so that we can look up the hashes later. In fact, what we really do to create a Rainbow Table, is the calculation of multiple hash chains.

9 For the creation of the pre computed hash chain we use two Functions : The main Hashing Function (H) A Reduction Function (R) Then we start passing random words (that could be the original text we are looking for ) in turn through the Hash Function and the Reduction Function, thus creating a chain Example : aaaaaa H 281DAF40 R sgfnyd H 920ECF10 R kiebgt aaaaabH 8676FDE1 R gfirjd H 6573FAC2 R vhridt After the computation of each chain we store only the First and the Last Passwords into the table. The first Password is the Starting Point and the last one is the End Point. After we finish computing the whole table we sort it for faster look ups. Increasing the length of the chain decreases the size of the table. It also increases the time required to perform lookups, and this is the time-memory trade-off of the rainbow table. In a simple case of one-item chains, the lookup is very fast, but the table is very big. Once chains get longer, the lookup slows down, but the table size goes down.

10 Now to crack the Hash we need to do the following : aaaaaa H 281DAF40 R sgfnyd H 920ECF10 R kiebgt Lets say we are given the hash : 920ECF10 First we will use the Reduction Function on this hash then the Hashing Function and so on, thus computing again a hash chain. Every time we get a product out of the Reduction Function we look it up in the End Point Array of the pre computed Rainbow tables. If we find a match then we start calculating the hash chain from the Starting Point till we get to the given Hash. Then the product prior to the given hash in the computed chain will be the password we are looking for. Back to our example : Hash = 920ECF10 R kiebgt kiebgt is in our table with a Starting point of : aaaaaa Now computing the aaaaaa hash chain we get : aaaaaa H 281DAF40 R sgfnyd H 920ECF10 So the password we are looking for is : sgfnyd

11 While the whole idea behind the Rainbow Tables is working, and gets the desired password much much faster than a Brute Force attack it still has some problems : It is quite useless against salted Hashes. Each pre computed Rainbow Table is attached to a specific Hashing Function and cant be used for other Functions unless recomputed. It still needs quite a lot of time to compute and sort the Table (despite some faster and improved algorithms ). The first two problems come together with the way Rainbow tables are created and the logic behind their use, and we cannot do anything to solve them but to use either another cracking method (case 1), or specific Tables (case 2). What we can do, is improve the rate at which the Tables are produced. And that we can do with the help of multiprocessor or clustered computing.

12 The general idea for creating fast an accurate Rainbow Table would be the following : The Master Server N Number of Workers aaaaaaaaaaabaaaaacaaaaadaaaaaeaaaaafaaaaag

13 The general idea for creating fast an accurate Rainbow Table would be the following : The Master Server N Number of Workers 2FA3547BCA72CCCAAA145CBDFF1903BA5423CF65AB Calculating… Storage

14 The general idea for creating fast an accurate Rainbow Table would be the following : The Master Server N Number of Workers Sorting

15 When everything is finished and the Rainbow tables are created and sorted we can access them from any computer and query the Tables for the Hash we want to crack. What is the password for : 920ECF10 ?

16 The speed offered by the Rainbow Tables for cracking the Hashes, combined with the computing power of a multiprocessor computer, a Cuda VGA or a Computer cluster for the creation of the Rainbow Tables, can be a very powerful tool for everyone associated with Security Auditing and Computer Security in general as a science. Just imagine that passwords that are announced as Complicated, Tough or Hard to Crack by multiple programs, and someone trying to brute - force them would require months or years to crack, now can be broken in a matter of minutes (through pre computed Rainbow Tables) or hours (including the time we need to compute the Tables ). But dont forget that Rainbow Tables are : Once Compute, Use Forever as long as the Hashing algorithm remains the same.

17 http://www.ethicalhacker.net/content/view/94/24/ http://en.wikipedia.org/wiki/Rainbow_table http://en.wikipedia.org/wiki/Hash_function

Download ppt "By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic."

Similar presentations

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Password Cracking With Rainbow Tables

Password Cracking With Rainbow Tables
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Chapter 3.3 - User authorization & safety Maciej Mensfeld Presented by: Maciej Mensfeld User authorization & safety dev.mensfeld.pl.

Chapter User authorization & safety Maciej Mensfeld Presented by: Maciej Mensfeld User authorization & safety dev.mensfeld.pl.
251959084756578934940271832400483985714 292821262040320277771378360436620207075 955562640185258807844069182906412495150 821892985591491761845028084891200728449.

Recursion and Exhaustion Hong Kong Olympiad in Informatics 2009 Hackson Leung 2009-01-24.

Recursion and Exhaustion Hong Kong Olympiad in Informatics 2009 Hackson Leung
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.

David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099

Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
Hash Tables1 Part E Hash Tables   0 1 2 3 4 451-229-0004 981-101-0002 025-612-0001.

Hash Tables1 Part E Hash Tables  
Hash Tables1 Part E Hash Tables   0 1 2 3 4 451-229-0004 981-101-0002 025-612-0001.

Hash Tables1 Part E Hash Tables  
Public Key Cryptography Topical Lecture Week 10. PUBLIC AB Public Key Cryptography A: Hey B, send me an encoded message. This is how you encode a message.

Public Key Cryptography Topical Lecture Week 10. PUBLIC AB Public Key Cryptography A: Hey B, send me an encoded message. This is how you encode a message.
What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.

What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.
SM3121 Software Technology Mark Green School of Creative Media.

SM3121 Software Technology Mark Green School of Creative Media.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
Occupational Career Project By Jimmy Evans. I want to pursue a career in computer engineering. Specifically something in computer software. I think a.

Occupational Career Project By Jimmy Evans. I want to pursue a career in computer engineering. Specifically something in computer software. I think a.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
David Froot.  How do we transmit information and data, especially over the internet, in a way that is secure and unreadable by anyone but the sender.

David Froot.  How do we transmit information and data, especially over the internet, in a way that is secure and unreadable by anyone but the sender.
Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18, 2013 1.

Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18,
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.

DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.

Similar presentations

Ads by Google