Questions tagged [rainbowtable]

A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used to recover plaintext passwords up to a certain length and drawn from a limited set of characters. It is a practical example of a space-time tradeoff: it uses less processing time and more storage than a brute-force attack that calculates a hash on every attempt, but more processing time and less storage than a simple lookup table with one entry per hash. Use of a key derivation function that employs a salt makes this attack infeasible.

58 questions
248
votes
10 answers

How does password salt help against a rainbow table attack?

I'm having some trouble understanding the purpose of a salt to a password. It's my understanding that the primary use is to hamper a rainbow table attack. However, the methods I've seen to implement this don't seem to really make the problem…
Rich
78
votes
6 answers

Salt Generation and open source software

As I understand it, the best practice for generating salts is to use some cryptic formula (or even magic constant) stored in your source code. I'm working on a project that we plan on releasing as open source, but the problem is that with the source…
user199085
38
votes
3 answers

Rainbow tables as a solution to large prime factoring

In explanations I've read about public key cryptography, it is said that some large number is come up with by multiplying together 2 extremely large primes. Since factoring the product of large primes is almost impossibly time-consuming, you have…
Dinah
12
votes
3 answers

How does a reduction function used with rainbow tables work?

I've carefully read about rainbow tables and can't get one thing. In order to build a hash chain a reduction function is used. It's a function that somehow maps hashes onto passwords. This article says that reduction function isn't an inverse of…
sharptooth
11
votes
7 answers

Is forcing complex passwords "more important" than salting?

I've spent the past 2 hours reading up on salting passwords, making sure that I understood the idea. I was hoping some of you could share your knowledge on my conclusions. If I'm an attacker, and I gain access to a user database, I could just take…
Galen
8
votes
4 answers

Why is it called rainbow table?

Anyone know why it is called rainbow table? Just remembered we have learned there is an attack called "dictionary attack". Why is it not called dictionary?
user496949
6
votes
6 answers

Is there a way to reverse a hash without rainbow tables?

Possible Duplicate: md5 decoding. How they do it? This page suggests that a hash algorithm like md5() and sha1() can be reversed because of the huge processing power that we have nowadays. At this point I thought it was only possible with Rainbow…
Hugo Mota
6
votes
4 answers

Are Rainbow Tables Attacks even a threat?

Let's just assume a simple non-salted hash function, just a plain old $hash = md5($pass). Premises: the password hashing all takes place server side, and the hashes are stored in the database. The client has no way to see these. A rainbow table…
Kenny Cason
6
votes
4 answers

RAR passwords, why don't rainbow tables work?

I've been looking around for encryption and I've seen several implementations of Rainbow Tables work like a charm on passwords (say, Windows). I'm yet to see an implementation of a Rainbow attack on a RAR file. Why is it so? What makes RAR encryption…
Frankie
6
votes
1 answer

Rainbow Table: Unable to get last reduction

In this cryptography post it says The chain can go as long as you want, until it hits the original input. When it hits that point, it will just repeat itself and it will be useless. So my starting point is 12345 but I can't get the end point and…
reggie
6
votes
4 answers

What is a dictionary attack?

When we say dictionary attack, we don't really mean a real dictionary, do we? My guess is we mean a hacker's dictionary i.e. rainbow tables, right? My point is we're not talking about someone keying different passwords into the login box, we're…
Chris
5
votes
1 answer

Reduction functions for rainbow tables

Since chains of rainbow tables are very long, are there many different reduction functions used to reduce each hash, or are there only a handful, while using indexes to prevent merging? Or something else?
calccrypto
5
votes
1 answer

How do chains work in Rainbow tables?

I was wondering if somebody could explain in detail, how chains work in rainbow tables as you would to a complete novice, but with relevance to programming. I understand that a chain is 16 bytes long. 8 bytes mark the starting point and 8 mark the…
James Moore
4
votes
2 answers

Why is golang package bcrypt able to retrieve the salt after hashing the password?

I am having trouble understanding the following code from the golang crypto bcrypt repo: func newFromHash(hashedSecret []byte) (*hashed, error) { if len(hashedSecret) < minHashSize { return nil, ErrHashTooShort } p := new(hashed) …
user10714010
3
votes
1 answer

Implementation of Rainbow table

I'm trying to implement the online phase of a rainbow table attack on the GSM networks KASUMI cipher. I'm not using the full 128-bit keyspace, only 32 bit. Below is my implementation. I have generated a single rainbow table with 225 rows and 27.88…
Becktor