Presentation is loading. Please wait.

Presentation is loading. Please wait.

Password Cracking With Rainbow Tables

Published byStacey Bolson Modified over 10 years ago

Similar presentations

Presentation on theme: "Password Cracking With Rainbow Tables"— Presentation transcript:

1 Password Cracking With Rainbow Tables
Spencer Dawson

2 Summary What are rainbow tables? What are the advantages/disadvantages
A time and memory tradeoff in password cracking. A piecewise approach to one-way hashes What are the advantages/disadvantages Best uses Limitations How to use rainbow tables.

3 What are rainbow tables?
A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function Approach invented by Martin Hellman The concept behind rainbow tables is simple Make one-way hash functions two way by making a list of outputs for all possible inputs up to a character limit

4 What are the limitations?
Rainbow Tables are Large A rainbow table set for windows NTHASH exactly 8 characters including only 0-10, a-z, A-Z, and the symbols !* is 134.6GB 9+ character rainbow tables can take up terabytes of space. Generating rainbow tables requires more time than a brute force attack Always “worst case” time complexity. Requires access to the password hash Salting passwords can make the approach unfeasable

5 Hash Table Advantages Rainbow Tables are built once, and used many times Fast Password lookups become a table search problem The brute force work is pre-computed Perfect for cracking weak hashes Windows LM hashes of 14 characters or less can be cracked with trivial effort Any non salting password hash can be cracked easily

6 Examples Rainbow table cracking online

7 QUESTIONS?

Download ppt "Password Cracking With Rainbow Tables"

Similar presentations

By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.

By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.
Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.

Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.
Use of a One-Way Hash without a Salt

Use of a One-Way Hash without a Salt
Lee Jae-song 1.  How to cryptanalysis DES?  C = E K (P)  E is DES encryption funtion  K is a key, 56-bit.  P is a plaintext, C is a ciphertext, both.

Lee Jae-song 1.  How to cryptanalysis DES?  C = E K (P)  E is DES encryption funtion  K is a key, 56-bit.  P is a plaintext, C is a ciphertext, both.
Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352.

Secure Password Storage JOSHUA SMALL LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea 34901784 443099

Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea
Announcements: Get your ch 1-2 quiz if you haven’t. Get your ch 1-2 quiz if you haven’t. Grading change: Grading change: Homeworks are mixed programming.

Announcements: Get your ch 1-2 quiz if you haven’t. Get your ch 1-2 quiz if you haven’t. Grading change: Grading change: Homeworks are mixed programming.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.

What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
Cryptanalysis. The Speaker  Chuck Easttom  

Cryptanalysis. The Speaker  Chuck Easttom  
Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.

Nothing is Safe 1. Overview  Why Passwords?  Current Events  Password Security & Cracking  Tools  Demonstrations Linux GPU Windows  Conclusions.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Hellman’s TMTO 1 Hellman’s TMTO Attack. Hellman’s TMTO 2 Popcnt  Before we consider Hellman’s attack, consider simpler Time-Memory Trade-Off  “Population.

Hellman’s TMTO 1 Hellman’s TMTO Attack. Hellman’s TMTO 2 Popcnt  Before we consider Hellman’s attack, consider simpler Time-Memory Trade-Off  “Population.
Security and Protection of Information, Brno 9.-11.5.2001 1 Using quasigroups for secure encoding of file system Eliška Ochodková, Václav Snášel

Security and Protection of Information, Brno Using quasigroups for secure encoding of file system Eliška Ochodková, Václav Snášel
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
Work, Power and Simple Machines.

Work, Power and Simple Machines.
Time-Memory tradeoffs in password cracking 1. Basic Attacks Dictionary attack: –What if password is chosen well? Brute Force (online version): –Try all.

Time-Memory tradeoffs in password cracking 1. Basic Attacks Dictionary attack: –What if password is chosen well? Brute Force (online version): –Try all.
CIS 450 – Network Security Chapter 8 – Password Security.

CIS 450 – Network Security Chapter 8 – Password Security.

Similar presentations

Ads by Google