Friday, January 5, 2018

Network Security: Rainbow Table

A rainbow table attack is an alternative to a dictionary attack. A dictionary attack needs a lot of time to work through every word and hash each one, and a good wordlist is itself large. If the hashes are stored alongside the words, the storage requirement grows further, because instead of passwords of around ten characters we are now storing hashes that are ten or 20 times the length of a password. The rainbow table is a trade-off: it uses less processing and more storage than a brute-force attack, but more processing and less storage than a dictionary attack whose hashes are precomputed and stored.

A rainbow table relies on an algorithm called a reduction function, which maps a hash to something that could be an actual plaintext password. This does not mean we are reversing the hash; that cannot be done. The rainbow table simply alternates hashing and reducing to produce a chain of alternating hashes and plaintexts. For example, we can take the plaintext "Jonathan" and hash it to "123456". Then we run "123456" through the reduction function and get "Scott". Then we hash "Scott" to get "abcdef" and reduce that to "Weisman".

Generating a rainbow table with a tool such as Rtgen means computing a number of chains of a fixed chain length and storing only the first and last entry of each chain. Storing 10,000 plaintext values or hashes can crack at most 10,000 passwords. Storing just the starting and ending points of 5,000 chains, the same 10,000 entries, lets a rainbow table cover as many candidate passwords as the number of chains multiplied by the chain length: 100,000, a million, a billion, or more!
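The hash/reduce chains and the "store only the endpoints" idea described above, as an added worked example that is not from the original post or from Rtgen. It builds a tiny table over a constructed keyspace (three lowercase letters, unsalted SHA-1), looks a hash up by regenerating only the chain that might contain it, and shows why a per-user salt puts the hash outside anything the table was built for. The keyspace, hash choice, start-point spacing and the column-dependent reduction function are all assumptions made for the demonstration.

```python
import hashlib
import string

# Constructed toy setting (not from the original post): the "password policy"
# is three lowercase letters, so the keyspace is only 26**3 = 17,576 values.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN


def H(plaintext: str) -> str:
    """The hash being attacked: unsalted SHA-1, as a hex digest."""
    return hashlib.sha1(plaintext.encode()).hexdigest()


def index_to_pw(n: int) -> str:
    """Map an integer in [0, KEYSPACE) to a candidate password."""
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def R(digest_hex: str, column: int) -> str:
    """Reduction function: turn a hash into *some* candidate password.
    It is not an inverse of H; it just lands somewhere in the keyspace.
    Mixing in the column index gives each chain position its own reduction,
    which is what distinguishes a rainbow table from a classic Hellman table
    and stops chains from merging as soon as they collide once."""
    n = (int(digest_hex[:16], 16) + column) % KEYSPACE
    return index_to_pw(n)


class RainbowTable:
    def __init__(self, num_chains: int, chain_len: int):
        self.chain_len = chain_len
        # Only endpoint -> start point is kept; the intermediate plaintexts
        # and hashes are thrown away and recomputed on demand during lookup.
        self.endpoints = {}
        for i in range(num_chains):
            start = index_to_pw((i * 7919) % KEYSPACE)  # spread-out start points
            p = start
            for col in range(chain_len):
                p = R(H(p), col)  # alternate: hash, reduce, hash, reduce ...
            self.endpoints.setdefault(p, start)  # merged chains keep first start

    def lookup(self, target_hash: str):
        """Return a preimage of target_hash if the table covers it, else None."""
        L = self.chain_len
        # The target hash could sit at any column j of a chain. For each j,
        # reduce it and walk forward to the chain end, then see if that end
        # is one of the stored endpoints.
        for j in range(L - 1, -1, -1):
            p = R(target_hash, j)
            for col in range(j + 1, L):
                p = R(H(p), col)
            start = self.endpoints.get(p)
            if start is None:
                continue
            # Candidate chain found: regenerate it from its start and check
            # every plaintext, which also filters out false alarms.
            q = start
            for col in range(L):
                if H(q) == target_hash:
                    return q
                q = R(H(q), col)
        return None


def salted_hash(salt: str, plaintext: str) -> str:
    """Per-user salt: the table was built for H(pw), not H(salt || pw)."""
    return H(salt + plaintext)


if __name__ == "__main__":
    table = RainbowTable(num_chains=500, chain_len=50)
    print(f"stored entries: {len(table.endpoints)} chain ends, "
          f"covering up to {500 * 50} of {KEYSPACE} candidates")
    print("H('aaa')      ->", table.lookup(H("aaa")))
    print("salted 'aaa'  ->", table.lookup(salted_hash("x9", "aaa")))
```

Note that 500 chains of length 50 reach up to 25,000 candidates while storing only 500 endpoints, which is the storage-for-computation trade the post describes; the price is that every lookup pays roughly chain-length-squared hash operations, and chain merges mean real coverage is somewhat below the nominal product. The salted lookup returns nothing because the table's chains only ever pass through hashes of bare three-letter strings.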
