Now what if I wanted to break into this account? Because the same
input always generates the same hash, I can build up a database
of inputs and outputs and use that to attack an account. This is called
using a ‘rainbow table’: a database of inputs/outputs used to determine
a hashed password. Rainbow tables are easily found on the internet, so
this one-way hash is not as safe as once thought. If you’re interested
in learning more about rainbow tables, check out http://ophcrack.sourceforge.net/.
So what’s the best way of stopping rainbow table hacking? Salting. By generating a random “salt” for every user and attaching it to their password before hashing, you make the rainbow tables ineffective. For example, the password ‘qwerty123’ becomes ‘qwerty123AS@#$fgr=’ and is then hashed into ‘8a7bb436d4849395072483f7715b7edb’. Because the salt is a random string and each user in your database has a different salt value, you have effectively removed the threat of rainbow tables.

If you want to read more about the inner workings of rainbow tables, take a look at this post: http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html
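
The salting scheme described above, as an added example that is not code from the original post. The candidate list, the record layout and the function names are assumptions made for illustration, and a plain lookup dictionary stands in for a real rainbow table.

```python
import hashlib
import hmac
import secrets


def unsalted_md5(password: str) -> str:
    """The scheme the post warns about: same input, same digest, for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(candidates):
    """Precomputed digest -> password map, standing in for a rainbow table."""
    return {unsalted_md5(p): p for p in candidates}


def salted_md5(password: str, salt: str) -> str:
    """The post's fix: attach a per-user random salt before hashing."""
    return hashlib.md5((password + salt).encode()).hexdigest()


def new_record(password: str) -> dict:
    """Stored record: the salt is kept in the clear beside the digest."""
    salt = secrets.token_hex(16)  # 128 random bits, generated per user
    return {"salt": salt, "digest": salted_md5(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = salted_md5(password, record["salt"])
    return hmac.compare_digest(candidate, record["digest"])


def demo() -> dict:
    table = build_lookup(["123456", "password", "qwerty123"])  # constructed list
    alice = new_record("qwerty123")
    bob = new_record("qwerty123")  # same password, different salt
    return {
        "unsalted_hit": table.get(unsalted_md5("qwerty123")),
        "salted_hit": table.get(alice["digest"]),
        "same_digest_for_same_password": alice["digest"] == bob["digest"],
        "login_ok": verify("qwerty123", alice),
        "login_bad": verify("qwerty124", alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt only defeats precomputation; it does not slow down guessing against a single stolen record, so a deliberately slow function such as `hashlib.pbkdf2_hmac` or `hashlib.scrypt` is the usual replacement for the bare MD5 call.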
Rainbow tables are a technique for cracking hash algorithms, and their performance is startling: on a common PC combined with NVIDIA CUDA technology, an attack on the NTLM algorithm can reach up to 103,820,000,000 tries per second (more than one hundred billion), and for the widely used MD5 close to one hundred billion. Even more striking, rainbow table technology does not attack a vulnerability in a particular hash algorithm; like brute force, it is valid against any hash algorithm.
It is almost incredible, and Roger could not wait to see how the principle works. In fact, this is not a new technology, but unfortunately few of the articles that turn up when searching for the principle of rainbow tables have it quite right. Roger gives a brief look at it here, mainly with reference to the Wiki; readers with good English can go to this paper.
http://www.webdbtips.com/45045/