Unit 2: Password Cracking 2.1 Password Cracking Parsing a Rainbow Table

>> Rainbow tables are specific to the hash function for which they were created,
which means, for example, MD5 tables can crack only MD5 hashes,
and SHA-1 tables can crack only SHA-1 hashes.
Rainbow tables use a different reduction function for every chain link so that
when there's a hash collision in two or more chains, the chains won't merge as long
as the collision doesn't occur in the same location of each chain.
In addition to increasing the probability of a correct crack for a given table size,
this use of multiple reduction functions almost doubles the speed of lookups.
Let's say we have a rainbow table that looks like this, three rows and seven columns.
In reality, rainbow tables can have hundreds, thousands or more rows, number of chains,
and columns, length of each chain.
In the database of hashed passwords, we see that the root account in a Linux system
or the administrator account on a Windows system has a hash of ABCD.
We'll be using four-character hashes for illustrative purposes.
First, we compute the last reduction used in the table
and check whether the password appears in the last column of the table.
The output "edX" doesn't appear on the table.
If the test fails, we compute a chain with the last two reductions.
ABCD is reduced, hashed, and reduced.
In this case, we got RIT and it happens to match the end of the last chain.
If it didn't, we'd go back yet another reduction function.
If we keep going back and have no more to go back to, then we're just out of luck
with this particular rainbow table and the attack has failed.
Since the test is positive, RIT appears at the end of the chain in the table,
we go to the beginning of the chain that produced RIT.
Here we find "bob" at the beginning of the corresponding chain.
At this point, we generate a chain and compare
at each iteration the hash with the target hash of ABCD.
The test is valid and we find the hash ABCD in the chain.
Remember, only the first and last columns are stored.
We keep going until we hit ABCD.
What comes before ABCD?
Well, that's the password that was hashed into ABCD.
"Rochester" is the password, but notice we did not reverse the hash.

转载于:https://www.cnblogs.com/sec875/articles/10015927.html