>> The rainbow table is a trade-off, using less processing and more storage
than a brute force attack, but more processing and less storage than a dictionary attack.
A rainbow table involves an algorithm called a "reduction function" that maps hashes
into something that could be an actual plain text password.
This does not mean we're reversing the hash.
That can't be done.
The rainbow table is just alternating hashing and reducing to produce a chain
of alternating hashes and plain texts.
For example, we could take plain text Jonathan and hash it into 123456.
Then we could run 123456 through a reduction function and get "Scott."
Then we could run "Scott" through the hashing algorithm
and get ABCDEF and reduce that to "Weissman."
Generating a rainbow table with a tool called "rtgen," for instance,
involves computing a number of chains with a specific chain length
and storing the first and last entries of each chain.
Thus, instead of storing 10,000 plain text values or hashes,
which at most can crack 10,000 passwords, now storing just the starting and ending point
of 5,000 chains, the same number of 10,000 entries, a rainbow table can crack any amount
of passwords, 100,000, 1 million, 1 billion, or more.
How can it do this?
See you in the next video.
Reposted from: https://www.cnblogs.com/sec875/articles/10015921.html
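An added example, not part of the original transcript: a toy rainbow table over a constructed space of 4-digit PINs. It builds chains by alternating hashing and reducing, stores only each chain's start and end, and goes one step beyond this video by showing the lookup that re-walks a chain to recover a plaintext. SHA-256, the column-dependent reduction function, and all names and parameters are assumptions of this sketch.

```python
import hashlib

SPACE = 10_000     # constructed toy space: 4-digit PINs
CHAIN_LEN = 50     # hash/reduce steps per chain
NUM_CHAINS = 400   # chains kept in the table

def H(plain):
    return hashlib.sha256(plain.encode()).hexdigest()

def R(digest, col):
    """Reduction: map a hash to some candidate PIN. Not an inverse of H.
    Mixing in the column index is an assumption of this sketch."""
    return f"{(int(digest, 16) + col) % SPACE:04d}"

def walk(plain, first_col, last_col):
    """Apply hash-then-reduce for columns first_col..last_col-1."""
    for col in range(first_col, last_col):
        plain = R(H(plain), col)
    return plain

def build_table():
    """Store only endpoint -> start for each chain (first chain wins on a merge)."""
    table = {}
    for i in range(NUM_CHAINS):
        start = f"{i * 25:04d}"
        table.setdefault(walk(start, 0, CHAIN_LEN), start)
    return table

def lookup(table, target):
    """Return a plaintext whose hash is target, or None if no chain covers it."""
    for col in reversed(range(CHAIN_LEN)):
        # Guess that target sits at this column, then finish the chain.
        end = walk(R(target, col), col + 1, CHAIN_LEN)
        start = table.get(end)
        if start is None:
            continue
        candidate = walk(start, 0, col)   # rebuild the chain up to that column
        if H(candidate) == target:        # rejects false alarms from merged chains
            return candidate
    return None

def coverage(table, pins):
    """Count how many of the given PINs (ints) the stored endpoints can recover."""
    return sum(lookup(table, H(f"{n:04d}")) is not None for n in pins)
```

Calling `coverage(build_table(), range(SPACE))` shows how many PINs the stored start and end points recover; it takes a while because every miss re-walks all columns.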