Security Basics mailing list archives
Fwd: Rainbow Tables
From: Syn Ack <synackackack () gmail com>
Date: Fri, 2 Aug 2013 06:36:53 +0000
Hi List, I have a question regarding Rainbow Tables. So, first we find the chain: - start with the hash to crack - calculate a chain from it - compare each password in its chain to the end passwords stored in rainbow table - if it matches, the password is likely somewhere in this given chain Second, re-inflate chain to find password - now, recalculate the entire chain whose end password matched a password in the chain for our hash to crack - look for our hash to crack in the chain - when we find it, the password is the item just before it in the chain - bingo so, my questions are 1) since in each chain we are only storing Initial Password & End Password - wont we have many cases where we check all end passwords and never get a match? what if it is somewhere in the match is actually somewhere in the middle of the chain, and since we aren't storing it we don't find it. also, if the answer is that, say we are trying to crack 7 character password, we have generate rainbow table has all possible combination of 7 char password as the end password. then what gain do we really get, over the logical model of a straight hash->password table? i'm confused. Finally, given salt predominantly in use in modern password hash schemes, pen testing in realistic modern conditions, are rainbow tables still of value? many thanks ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Fwd: Rainbow Tables Syn Ack (Aug 01)
- Re: Fwd: Rainbow Tables Michael Peppard (Aug 06)
- Re: Fwd: Rainbow Tables Jeffrey Walton (Aug 06)
- RE: Fwd: Rainbow Tables Nwadinobi, Edward (Aug 07)
- Re: Fwd: Rainbow Tables Jeffrey Walton (Aug 07)
- Re: Fwd: Rainbow Tables Jeffrey Walton (Aug 06)
- Re: Fwd: Rainbow Tables Michael Peppard (Aug 06)
- <Possible follow-ups>
- Re: Fwd: Rainbow Tables rstackackack (Aug 05)