Presentation is loading. Please wait.

Presentation is loading. Please wait.

What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.

Published byRonald Reynolds Modified over 9 years ago

Similar presentations

Presentation on theme: "What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and."— Presentation transcript:

1 What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and there is a unique plain text value for every hash. A rainbow table is a lookup table offering a time- memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function Approach invented by Martin Hellman

2 What Are Rainbow Tables? The concept behind rainbow tables is simple Make one-way hash functions two way by making a list of outputs for all possible inputs up to a character limit Rainbow Tables are built once, and used many times Fast Password lookups become a table search problem The brute force work is pre-computed Perfect for cracking weak hashes Windows LM hashes of 14 characters or less can be cracked with trivial effort Any non salting password hash can be cracked easily

3

4 Rainbow table Cracking It includes three tools: rtgen program to generate rainbow tables. rtsort program to sort rainbow tables generated by rtgen. rcrack program to lookup rainbow tables sorted by rtsort. It also has a.txt file with name "charset.txt“ and it contains all the available set of chars used to generate the tables. Download one of the latest version and then extract it(we use windows version)– http://project-rainbowcrack.com

5 Generate a Rainbow Table Default Syntax of the command: rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index Command: $rtgen md5 loweralpha-numeric 1 5 0 10000 9682 0 Description: hash_algorithm can be: LM, NTLM, MD5 charset can be: alpha-numeric, loweralpha-numeric, etc. plaintext_len_min describes the minimum length of hash code. plaintext_len_max describes the maximum length of hash code. table_index describes the order of the tables. chain_len describes the length of each "rainbow chain". chain_num describes the number of rainbow chains in the rainbow table. part_index determines how the "start point" in each rainbow chain is generated Continue those commands to generate more tables- $rtgen md5 loweralpha-numeric 1 5 1 10000 9682 0 $rtgen md5 loweralpha-numeric 1 5 2 10000 9682 0 $rtgen md5 loweralpha-numeric 1 5 3 10000 9682 0 $rtgen md5 loweralpha-numeric 1 5 4 10000 9682 0

6 Sort Rainbow Tables rtsort program is used to sort the "end point" of all rainbow chains in a rainbow table to make table lookup easier. The syntax of the command line is: $rtsort md5_ loweralpha-numeric#1-5_0_10000x9682_0.rt $rtsort md5_ loweralpha-numeric#1-5_1_10000x9682_0.rt $rtsort md5_ loweralpha-numeric#1-5_2_10000x9682_0.rt $rtsort md5_ loweralpha-numeric#1-5_3_10000x9682_0.rt $rtsort md5_ loweralpha-numeric#1-5_4_10000x9682_0.rt

7 Crack Hashes Use rcrack tool to lookup the rainbow tables for the suitable - required Hash code. The default syntax of the command is: crack /the/directory/of/*.rt -option hash_code Here option can be: -h: use_hash_directly_here -f : pwdump_file -l : hash_list_file Command: $rcrack *.rt -h D9DA8170E8BC9F27B2D32A6C9A6C697D The plain text password of the given hash with reasonable time and memory will be shown

8 Edit Charset.txt List We can also change the character set from the character.txt file- $set_cahr_name =[my,chars,-,symbols] For more details: http://www.liatsisfotis.com/2013/01/crack-hashes-using-rainbow- tables.html

9 Password Manager(LastPass)

10 LastPass LastPass is easy, secure password and data management. Passwords in LastPass are protected by a master password, encrypted locally, and synchronized to any other browser. All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.

11 LastPass https://www.youtube.com/watch?v=RM0fzHxMASQ

12 LastPass All sensitive data is encrypted locally Government-level encryption. Only you know the key to decrypt your data You control your security settings You can generate unique, strong passwords

Download ppt "What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and."

Similar presentations

Password Cracking With Rainbow Tables

Password Cracking With Rainbow Tables
By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.

By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.
Use of a One-Way Hash without a Salt

Use of a One-Way Hash without a Salt
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352.

Secure Password Storage JOSHUA SMALL LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE
3/5/2009Computer systems1 Analyzing System Using Data Dictionaries Computer System: 1. Data Dictionary 2. Data Dictionary Categories 3. Creating Data Dictionary.

3/5/2009Computer systems1 Analyzing System Using Data Dictionaries Computer System: 1. Data Dictionary 2. Data Dictionary Categories 3. Creating Data Dictionary.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
Security in SQL Jon Holmes CIS 407 Fall 2007. Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.

Security in SQL Jon Holmes CIS 407 Fall Outline Surface Area Connection Strings Authenticating Permissions Data Storage Injections.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18, 2013 1.

Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18,
Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.
Windows Security Mechanisms Al Bento - University of Baltimore.

Windows Security Mechanisms Al Bento - University of Baltimore.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Yvan Cartwright, Web Security Introduction Correct encryption use Guide to passwords Dictionary hacking Brute-force hacking.

Yvan Cartwright, Web Security Introduction Correct encryption use Guide to passwords Dictionary hacking Brute-force hacking.
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
What Password Cracking Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer.

What Password Cracking Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer.

Similar presentations

Ads by Google