How long to generate rainbow table




















Passwords on the internet are almost always stored hashed. A hash is a method of cryptography that is very cheap to calculate in one direction but very expensive to calculate in the opposite direction.

While MD5 is being replaced by stronger hashing methods such as bcrypt, it's still commonly used on LAMP stacks across the internet today. Should we ever come across a hash that is in our table, we can search the table, find it, and learn what the original string was.

However, before we can do that, we must learn how to make a rainbow table. For this guide, I'll be demonstrating from a base of Kali Linux running in a virtual machine, but the instructions for most Linux distros will be basically the same. I will also include some information for those on the Windows platform. We'll be using RainbowCrack to create and sort our tables. Kali Linux comes with RainbowCrack already installed, but if you don't have it or are running on Windows, you can download it or use aptitude if you are on a Debian-based distro like Mint.

On Windows, once you have downloaded RainbowCrack, create a new folder that you can easily navigate to with Command Prompt and extract everything into it.

Then, open the Command Prompt, and navigate to the directory you created. Move on to Step 2, since the next paragraphs are for Kali.

In Kali, once we're sure RainbowCrack is installed, we'll need to create a new folder and navigate into it. This is where our tables will be generated and sorted (see Steps 3 and 4 for exceptions).

You can use the following commands to set up the folder in your home directory. It's best to use a new and empty directory for the sorting process that comes after the table is generated. It's important to keep in mind that rainbow tables take up enormous amounts of storage space, especially when you include a wide character set and a long max length.

Make sure you have room for hundreds of gigabytes at the very least. Having at least half a terabyte free is better. If you don't have this space available, you can still follow along using smaller character sets, shorter max lengths, and shorter chain lengths. Once we're in the directory we created, we can run rtgen to make sure everything is installed correctly.

This will also return some convenient help, with some example usages of rtgen and the naming of parameters. Of course, because of the space constraints, the parameters aren't really explained, so I'll do that so it's easier to follow along later.

A new hash value is then generated from this text. In a rainbow table, this takes place not just once but many times, resulting in a chain. In the final table, however, only the first password and the last hash value of a chain appear. Based on this information and taking the reduction functions into account, all other values can also be determined.

The hash value to be cracked is then reduced again according to the same rules and hashed, and each intermediate result is compared with the values in the table.

With this technology, the size of such tables can be extremely reduced, and yet they still are several hundred gigabytes large. A time-memory tradeoff is basically when you accept a longer runtime in favor of fewer memory requirements — or the other way around.

A brute force attack takes up very little storage space, since the cryptographic calculations for each attack are performed anew. A table, on the other hand, in which billions of passwords are presented together with their hash values, takes up an enormous amount of storage space, but can very quickly run decryptions. Rainbow tables represent a compromise of both. In principle, they also perform real-time calculations, but to a lesser extent, and so save a lot of storage space compared to complete tables.

The initial situation: You have a specific hash value and would like to discover the actual password behind it.

First, search through the list for the hash value. In this case, you start with a reduction of the hash value using the same function that was used to create the chains. The result then passes through the hash function. Repeat this until you find the hash value in one of the end points. So, you now start at the beginning of the chain and carry out the reductions and hashing alternately until you reach the desired hash value and the plaintext of the password.

At the end of the day, you may very well ask yourself what these tables have to do with rainbows. In practice, you are not limited to a single reduction function; you can use a different one in each step. This provides better reduction results and avoids the repetition of hash values in the table, but also has the disadvantage that finding combinations of hash values and passwords in the chain is somewhat more complex.

The reductions then must be gone through in order: if you assume that the chain was built with the reductions R1, R2, and R3, then you would start the search with function R3. Within the table, the different reduction functions can be marked with colors, which leads to a colorful rainbow with a corresponding number of iterations, and hence the name. The best way to understand rainbow tables is to see an example of the process. The explanation: the entered password is k.

Here, m is any multiplier. Usually a quantity of the golden ratio 0, is set for A. The modulo operation (mod) extracts the remainder of a division, in this case a division by 1. The Gaussian brackets round the result down to a whole number at the end, if necessary. The result h(k) is then the hash value h for input k.

As possible passwords, we assume a character set with only numbers and only two places, so This holds the table to a manageable range, and letters would first have to be translated into numerical values anyway. For the password 78 it then follows that:

In a rainbow table for this hash function, reduction functions now need to be run. One very simple option for reducing the hash value is, for example, to use only the last two digits. So, in the case of the password 78 and the corresponding hash value , the reduction is A hash value is formed again from this with the help of the presented function, and so on.

The frequency of repetitions is up to you. The more often you run a repetition, the less storage space the rainbow table needs — but the processing time increases. In this example, we run a reduction three times. The above table shows the complete chain with the results of the hash and reduction functions.

The goal of a rainbow table, though, is to shorten the range. All other values can be derived from these. In this example, the size of the rainbow table only decreased slightly from the original table: entries compared to
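The worked example above, carried through as runnable code (an added example, not part of the original article). The multiplier m = 1000, the constant A = 0.618, the step-dependent reduction and the start passwords are assumptions chosen for illustration; the code goes slightly beyond the text by using a different reduction in each step.

```python
from fractions import Fraction
from math import floor

M = 1000                   # assumed multiplier m (the text leaves m open)
A = Fraction(618, 1000)    # assumed constant A, kept exact to avoid float error
REDUCTIONS = 3             # the example in the text reduces three times


def h(k):
    """Toy hash from the text: floor(m * (k*A mod 1))."""
    return floor(M * ((k * A) % 1))


def reduce_hash(hv, i):
    """Hypothetical step-dependent reduction R_i: last two digits, shifted by i."""
    return (hv % 100 + i) % 100


def chain(start):
    """Return every (password, hash) pair of the chain that begins at start."""
    pairs, k = [], start
    for i in range(REDUCTIONS):
        pairs.append((k, h(k)))
        k = reduce_hash(h(k), i)
    pairs.append((k, h(k)))
    return pairs


def build_table(starts):
    """Store only the last hash of each chain, mapped to its first password."""
    table = {}
    for s in starts:
        table.setdefault(chain(s)[-1][1], []).append(s)
    return table


def lookup(table, target):
    """Recover the password for target, or None if no stored chain covers it."""
    for pos in range(REDUCTIONS, -1, -1):      # guess the position, last first
        cur = target
        for i in range(pos, REDUCTIONS):       # walk forward to the chain end
            cur = h(reduce_hash(cur, i))
        for s in table.get(cur, []):           # end point hit: rebuild the chain
            pw, hv = chain(s)[pos]
            if hv == target:                   # rejects false alarms
                return pw
    return None


TABLE = build_table([78, 5, 31, 60])           # constructed start passwords
```

The table holds one entry per chain, yet lookup() recovers every password along each chain; a hash that no chain covers returns None.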
