Saturday, 21 July 2012

Password Cracking (Rainbow Table)

Rainbow Table

A Rainbow table is a huge pre-computed list of hash values for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm that transformed it into something absolutely foreign. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very common hashing algorithm used as security to store passwords in website databases is MD5.

Let’s say you are registering for a website. You put in a username and password. Now when you submit, your password goes through the MD5 algorithm and the outcome hash is stored in a database. Now since you can’t get the password from the hash, you may be wondering how they know if your password is right when you login. Well when you login and submit your username and password, a script takes your password and runs it through the md5 algorithm. The outcome hash is compared to the hash stored in the database. If they are the same, you are admitted.

If I were to run the word “cheese” through the md5 algorithm, the outcome would be fea0f1f6fede90bd0a925b4194deac11. Having huge tables of every possible character combination hashed is a much better alternative to brute-force cracking. Once the rainbow tables are created, cracking the password is a hundred times faster than Brute Forcing it. I will show an example of rainbow table cracking when we get into Windows password cracking.


Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More