Security Basics
Fwd: Rainbow Tables Aug 02 2013 06:36AM
Syn Ack (synackackack gmail com)
Hi List,

I have a question regarding Rainbow Tables.

So, first we find the chain:

- start with the hash to crack
- calculate a chain from it
- compare each password in its chain to the end passwords stored in
rainbow table
- if it matches, the password is likely somewhere in this given chain

Second, re-inflate chain to find password

- now, recalculate the entire chain whose end password matched a
password in the chain for our hash to crack
- look for our hash to crack in the chain
- when we find it, the password is the item just before it in the chain
- bingo

So, my questions are:

1) Since in each chain we are only storing Initial Password & End
Password - won't we have many cases where we check all end passwords
and never get a match? What if the match is
actually somewhere in the middle of the chain, and since we aren't
storing it we don't find it?

Also, if the answer is that, say we are trying to crack a 7-character
password, we have to generate a rainbow table that has all possible combinations
of 7-char passwords as the end password, then what gain do we really
get, over the logical model of a straight hash->password table? i'm

Finally, given that salt is predominantly in use in modern password hash
schemes, when pen testing in realistic modern conditions, are rainbow
tables still of value?

Many thanks
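
The lookup procedure described in the post, as an added example that is not part of the original message: a toy table over a constructed three-letter keyspace using the standard column-dependent reduction, where all names, parameters and the choice of MD5 are assumptions. It recovers a password that sits in the middle of a chain from the stored start/end pairs alone, and shows a salted hash of the same password missing the table.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase  # toy keyspace: 3 lowercase letters (assumption)
PW_LEN = 3
CHAIN_LEN = 50                     # hash/reduce steps per chain (assumption)

def H(pw):
    """Unsalted hash under attack (MD5 only to keep the toy fast)."""
    return hashlib.md5(pw.encode()).digest()

def R(digest, col):
    """Reduction for column `col`: map a digest back into the keyspace."""
    n = int.from_bytes(digest[:8], "big") + col
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def walk(pw, start_col, end_col):
    """Apply hash-then-reduce for columns start_col .. end_col - 1."""
    for col in range(start_col, end_col):
        pw = R(H(pw), col)
    return pw

def build_table(starts):
    """Store only end password -> start password for each chain."""
    return {walk(s, 0, CHAIN_LEN): s for s in starts}

def lookup(table, target):
    """Return the password hashing to `target`, or None if not covered."""
    # Guess the column the target sits in, finish the chain from there,
    # and compare only the resulting end password with the stored ends.
    for col in range(CHAIN_LEN - 1, -1, -1):
        start = table.get(walk(R(target, col), col + 1, CHAIN_LEN))
        if start is None:
            continue
        pw = start                    # re-inflate the matching chain
        for c in range(CHAIN_LEN):
            if H(pw) == target:
                return pw
            pw = R(H(pw), c)
        # end matched but target absent: false alarm from a merge, keep going
    return None

if __name__ == "__main__":
    table = build_table(["aaa", "qwe", "zzz", "abc"])   # constructed starts
    mid = walk("abc", 0, 25)          # password in the middle of a chain
    print(len(table), "stored pairs; recovered:", lookup(table, H(mid)))
    salted = hashlib.md5(b"NaCl" + mid.encode()).digest()
    print("salted lookup:", lookup(table, salted))
```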


Copyright 2010, SecurityFocus