I'm fascinated by cryptography; I just never get around to brushing up on my mathematics. I have seen rainbow tables mentioned before, and actually they are quite easily demystified. Most passwords are, or should be, hashed, a method of one-way encryption. One of the only methods to crack these is brute force, which is quite resource intensive. How do we get around this? Keep a table of as many hashes as possible and perform a lookup. You can't decrypt the hash, but it's a kind of loophole to 'find' the password faster than a simple brute force. It is easily defeated using salt. Another disadvantage is that a table can never hold 'all' combinations: the bigger the rainbow table, the bigger the chance it contains 'the' password.
The full explanation is here. Also a 'fun' read about cryptography : Cryptonomicon.
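To make the "table of hashes plus a lookup" idea concrete, here is a small added example (my own illustration, not code from the post or from the demo it refers to). It builds a toy rainbow table over a constructed password space of 3-character lowercase strings, stores only chain start and end points, and then shows two things the paragraph above states: a lookup recovers a password without reversing the hash, and the same lookup fails as soon as a salt is prepended, because the precomputed hashes no longer correspond to the stored values. The chain-length, chain-count and SHA-256 parameters are assumptions chosen to keep the run fast; it also reports how much of the space the table actually covers, which is why a table never holds 'all' combinations.

```python
import hashlib
import string

# Constructed toy password space: every 3-character lowercase string
# (26**3 = 17,576 candidates). Real tables cover far larger spaces.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 50    # hashes per chain (assumed value)
NUM_CHAINS = 300  # rows stored in the table (assumed value)


def H(password: str, salt: str = "") -> bytes:
    """One-way hash of a password; a non-empty salt is prepended first."""
    return hashlib.sha256((salt + password).encode()).digest()


def index_to_password(n: int) -> str:
    """Bijection from [0, SPACE) to the toy password space."""
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_(digest: bytes, position: int) -> str:
    """Map a digest back into the password space. Mixing in the chain
    position is what makes this a rainbow reduction rather than one
    fixed reduction function."""
    n = (int.from_bytes(digest[:8], "big") + position) % SPACE
    return index_to_password(n)


def build_table() -> dict:
    """Precompute NUM_CHAINS chains of CHAIN_LEN hashes each and keep only
    the (end -> starts) mapping; the intermediate hashes are discarded."""
    table = {}
    for k in range(NUM_CHAINS):
        # 7919 is coprime with SPACE, so the starts are distinct and spread out
        start = index_to_password((k * 7919) % SPACE)
        x = start
        for j in range(CHAIN_LEN):
            x = reduce_(H(x), j)
        table.setdefault(x, []).append(start)
    return table


def lookup(table: dict, target: bytes):
    """Return a password whose unsalted hash equals `target`, or None."""
    # Assume the target sits at position i of some chain, walk to the chain
    # end, and see whether that end is one we stored.
    for i in range(CHAIN_LEN - 1, -1, -1):
        x = reduce_(target, i)
        for j in range(i + 1, CHAIN_LEN):
            x = reduce_(H(x), j)
        for start in table.get(x, []):
            # Regenerate the chain from its start and verify each candidate.
            cand = start
            for j in range(CHAIN_LEN):
                if H(cand) == target:
                    return cand
                cand = reduce_(H(cand), j)
    return None


def coverage(table: dict) -> float:
    """Fraction of the password space some chain actually passes through.
    Chains merge and repeat values, so this stays well below 100%."""
    seen = set()
    for starts in table.values():
        for start in starts:
            x = start
            for j in range(CHAIN_LEN):
                seen.add(x)
                x = reduce_(H(x), j)
    return len(seen) / SPACE


if __name__ == "__main__":
    table = build_table()
    print(f"{NUM_CHAINS} chains x {CHAIN_LEN} steps, rows stored: {len(table)}, "
          f"space covered: {coverage(table):.0%}")
    print("unsalted sha256('aaa') ->", lookup(table, H("aaa")))
    print("salted sha256('x7' + 'aaa') ->", lookup(table, H("aaa", salt="x7")))
```

The salted lookup returns None because the table only knows hashes of bare candidates; with a per-user salt an attacker would have to rebuild the whole table for every salt value, which is exactly the cost the precomputation was meant to avoid.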
Statistics

Average running time of the demo, using table set SSTIC04-2.7k (1.1GB):

| Password type | Average time |
|---|---|
| alphanumeric passwords | 1.67 seconds |
| passwords with one non-alphanumeric half | 26.14 seconds |
| passwords with two non-alphanumeric halves (not cracked) | 42.14 seconds |
Security4all Blog
1 comment:
Hi ...
I once cooperated in calculating the rainbow tables for NTLM, LanManager and MD5.
We pre-calculated about 200 ISO files per table and managed to get them on an Israeli SQL database.
Results were very good!
Average time was about 3 minutes to crack an administrator or system account.
Gr