1 / 7

Password Cracking With Rainbow Tables

Password Cracking With Rainbow Tables. Spencer Dawson. Summary. What are rainbow tables? A time and memory tradeoff in password cracking. A piecewise approach to one-way hashes What are the advantages/disadvantages Best uses Limitations How to use rainbow tables. What are rainbow tables?.

lolita
Download Presentation

Password Cracking With Rainbow Tables

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Password Cracking With Rainbow Tables Spencer Dawson

  2. Summary • What are rainbow tables? • A time and memory tradeoff in password cracking. • A piecewise approach to one-way hashes • What are the advantages/disadvantages • Best uses • Limitations • How to use rainbow tables.

  3. What are rainbow tables? • A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function • Approach invented by Martin Hellman • The concept behind rainbow tables is simple • Make one-way hash functions two way by making a list of outputs for all possible inputs up to a character limit

  4. What are the limitations? • Rainbow Tables are Large • A rainbow table set for windows NTHASH exactly 8 characters including only 0-10, a-z, A-Z, and the symbols !* is 134.6GB • 9+ character rainbow tables can take up terabytes of space. • Generating rainbow tables requires more time than a brute force attack • Always “worst case” time complexity. • Requires access to the password hash • Salting passwords can make the approach unfeasable

  5. Hash Table Advantages • Rainbow Tables are built once, and used many times • Fast • Password lookups become a table search problem • The brute force work is pre-computed • Perfect for cracking weak hashes • Windows LM hashes of 14 characters or less can be cracked with trivial effort • Any non salting password hash can be cracked easily

  6. Examples • Rainbow table cracking online • http://lmcrack.com/

  7. QUESTIONS?

More Related