By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.

Slides:



Advertisements
Similar presentations
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Advertisements

Password Cracking With Rainbow Tables
Lecture 5: Cryptographic Hashes
Chapter User authorization & safety Maciej Mensfeld Presented by: Maciej Mensfeld User authorization & safety dev.mensfeld.pl.

Recursion and Exhaustion Hong Kong Olympiad in Informatics 2009 Hackson Leung
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 11: Birthday Paradoxes.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
Hash Tables1 Part E Hash Tables  
Hash Tables1 Part E Hash Tables  
Public Key Cryptography Topical Lecture Week 10. PUBLIC AB Public Key Cryptography A: Hey B, send me an encoded message. This is how you encode a message.
What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.
SM3121 Software Technology Mark Green School of Creative Media.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
Occupational Career Project By Jimmy Evans. I want to pursue a career in computer engineering. Specifically something in computer software. I think a.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
David Froot.  How do we transmit information and data, especially over the internet, in a way that is secure and unreadable by anyone but the sender.
Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18,
DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Objectives Learn what a file system does
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
XP New Perspectives on Microsoft Office Access 2003 Tutorial 12 1 Microsoft Office Access 2003 Tutorial 12 – Managing and Securing a Database.
Time-Memory tradeoffs in password cracking 1. Basic Attacks Dictionary attack: –What if password is chosen well? Brute Force (online version): –Try all.
Recursion, Complexity, and Searching and Sorting By Andrew Zeng.
It is physically impossible for any data recording or transmission medium to be 100% perfect 100% of the time over its entire expected useful life. As.
CIS 450 – Network Security Chapter 8 – Password Security.
CS212: DATA STRUCTURES Lecture 10:Hashing 1. Outline 2  Map Abstract Data type  Map Abstract Data type methods  What is hash  Hash tables  Bucket.
Multi-digit Numerical Long Division 1 © 2013 Meredith S. Moody.
Exercises Information Security Course Eric Laermans – Tom Dhaene.
1 Network Security Lecture 5 Hashes and Message Digests Waleed Ejaz
6fb52297e004844aa81be d50cc3545bc Hashing!. Hashing  Group Activity 1:  Take the message you were given, and create your own version of hashing.  You.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.
Mitch Parks, GSEC/GCWN ITS Desktop Security Analyst
How Safe are They?. Overview Passwords Cracking Attack Avenues On-line Off-line Counter Measures.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
Introduction to Digital Media. What is it? Digital media is what computers use to; Store, transmit, receive and manipulate data Raw data are numbers,
INTERNET SAFETY FOR KIDS
Week 4 - Friday.  What did we talk about last time?  Snow day  But you should have read about  Key management.
JETT 2005 Session 5: Algorithms, Efficiency, Hashing and Hashtables.
Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.
March 23 & 28, Csci 2111: Data and File Structures Week 10, Lectures 1 & 2 Hashing.
March 23 & 28, Hashing. 2 What is Hashing? A Hash function is a function h(K) which transforms a key K into an address. Hashing is like indexing.
Chapter 10 Hashing. The search time of each algorithm depend on the number n of elements of the collection S of the data. A searching technique called.
Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”
COSC 2007 Data Structures II Chapter 13 Advanced Implementation of Tables IV.
Lecture 7 Page 1 CS 236 Online Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
UNIT 5.  The related activities of sorting, searching and merging are central to many computer applications.  Sorting and merging provide us with a.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Operating Systems Security
Complexity © 2014 Project Lead The Way, Inc.Computer Science and Software Engineering.
MD5 & Hash Encryption By Alex Buzak. Overview Purpose of MD5 and Hash Encryptions Examples MD5 Algorithm Explanation of Possible Security Risks Practical.
CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.
Importance of formative literacy experiences Daniella Ramos.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
CSC 143T 1 CSC 143 Highlights of Tables and Hashing [Chapter 11 p (Tables)] [Chapter 12 p (Hashing)]
By: Megan Funk. I will: 1. Explain the binary number system How to: -Generate binary from a number -Add binary 2. Explain the base-b number system 3.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
2.8 Error Detection and Correction
Cryptographic Hash Function
Error Detection and Correction
AP CSP: Bytes, File Sizes, and Text Compression
Dynamic Programming.
Kiran Subramanyam Password Cracking 1.
The Study of Computer Science
2.8 Error Detection and Correction
Presentation transcript:

by Wild King

Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic function. Rainbow Tables offer a TIME-MEMORY trade-off for the above process. Rainbow Tables consist of a set of arrays. Each array includes data which is there for later use (look- ups).

A hashing function is a very deterministic and well defined procedure which is usually a mathematical function which is used to convert a series of data ( e.g. plain text, passwords, phone numbers, file names etc.) into a datum of our liking. Reasons : Encryption Data Transmission Correction Data Compression Other Useful Terms : Hash values, hash codes, hash sums, checksums or simply hashes. Hashing Collision

In the field of Computer Security, hashes are widely used as a method to protect the data that is transmitted between computer systems, from outside attacks such as a Man in the Middle Attack. Hello Im John Give me your pass My pass is : lamepass Now I know too!

Hello, Im E234BC59984CD Give me your pass My pass is : FF C ?!?!?!?!?!?!

First of all to crack the Hash back to its original plain text we need to know the Hashing Function ( algorithm) that was used to generate the Hash. Then we usually use the most common way of cracking, that is called Brute Forcing. Generally Brute Forcing a hash consists of us trying every single option of the original unknown plain text, through the hashing function. If there is a match then we have found our original text.

Hashing functions most of the times consist of many, time consuming, processor hungry mathematical calculations. This is done very quickly of course for one hash. But it gets really slow when the original text: Is long Uses alphanumeric characters Uses special characters (e.g. : $ % &) This way calculations can easily take hours, days, months, even years. And this is something not efficient.

The solution to this problem are the Rainbow tables. The general idea of the Rainbow Tables is that we pre compute a great deal of the hashes, and then we store them into tables, so that we can look up the hashes later. In fact, what we really do to create a Rainbow Table, is the calculation of multiple hash chains.

For the creation of the pre computed hash chain we use two Functions : The main Hashing Function (H) A Reduction Function (R) Then we start passing random words (that could be the original text we are looking for ) in turn through the Hash Function and the Reduction Function, thus creating a chain Example : aaaaaa H 281DAF40 R sgfnyd H 920ECF10 R kiebgt aaaaabH 8676FDE1 R gfirjd H 6573FAC2 R vhridt After the computation of each chain we store only the First and the Last Passwords into the table. The first Password is the Starting Point and the last one is the End Point. After we finish computing the whole table we sort it for faster look ups. Increasing the length of the chain decreases the size of the table. It also increases the time required to perform lookups, and this is the time-memory trade-off of the rainbow table. In a simple case of one-item chains, the lookup is very fast, but the table is very big. Once chains get longer, the lookup slows down, but the table size goes down.

Now to crack the Hash we need to do the following : aaaaaa H 281DAF40 R sgfnyd H 920ECF10 R kiebgt Lets say we are given the hash : 920ECF10 First we will use the Reduction Function on this hash then the Hashing Function and so on, thus computing again a hash chain. Every time we get a product out of the Reduction Function we look it up in the End Point Array of the pre computed Rainbow tables. If we find a match then we start calculating the hash chain from the Starting Point till we get to the given Hash. Then the product prior to the given hash in the computed chain will be the password we are looking for. Back to our example : Hash = 920ECF10 R kiebgt kiebgt is in our table with a Starting point of : aaaaaa Now computing the aaaaaa hash chain we get : aaaaaa H 281DAF40 R sgfnyd H 920ECF10 So the password we are looking for is : sgfnyd

While the whole idea behind the Rainbow Tables is working, and gets the desired password much much faster than a Brute Force attack it still has some problems : It is quite useless against salted Hashes. Each pre computed Rainbow Table is attached to a specific Hashing Function and cant be used for other Functions unless recomputed. It still needs quite a lot of time to compute and sort the Table (despite some faster and improved algorithms ). The first two problems come together with the way Rainbow tables are created and the logic behind their use, and we cannot do anything to solve them but to use either another cracking method (case 1), or specific Tables (case 2). What we can do, is improve the rate at which the Tables are produced. And that we can do with the help of multiprocessor or clustered computing.

The general idea for creating fast an accurate Rainbow Table would be the following : The Master Server N Number of Workers aaaaaaaaaaabaaaaacaaaaadaaaaaeaaaaafaaaaag

The general idea for creating fast an accurate Rainbow Table would be the following : The Master Server N Number of Workers 2FA3547BCA72CCCAAA145CBDFF1903BA5423CF65AB Calculating… Storage

The general idea for creating fast an accurate Rainbow Table would be the following : The Master Server N Number of Workers Sorting

When everything is finished and the Rainbow tables are created and sorted we can access them from any computer and query the Tables for the Hash we want to crack. What is the password for : 920ECF10 ?

The speed offered by the Rainbow Tables for cracking the Hashes, combined with the computing power of a multiprocessor computer, a Cuda VGA or a Computer cluster for the creation of the Rainbow Tables, can be a very powerful tool for everyone associated with Security Auditing and Computer Security in general as a science. Just imagine that passwords that are announced as Complicated, Tough or Hard to Crack by multiple programs, and someone trying to brute - force them would require months or years to crack, now can be broken in a matter of minutes (through pre computed Rainbow Tables) or hours (including the time we need to compute the Tables ). But dont forget that Rainbow Tables are : Once Compute, Use Forever as long as the Hashing algorithm remains the same.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.