To recover a password using Rainbow Tables, the password hash undergoes the above process for the same length: in this case 100,000 but each link in the chain is retained. Repeat this process to create as many chains as desired. Only the seed and final value are stored. Then apply the hashing and reduction functions to this seed, and its output, and continue iterating 100,000 times. To construct the chain, pick a random seed value. Rainbow tables are constructed of "chains" of a certain length: 100,000 for example. A simple reduction function is to Base64 encode the hash, then truncate it to a certain number of characters. The reduction function must transform a hash into something usable as a password. The hashing function for a given set of Rainbow Tables must match the hashed password you want to recover. Constructing a rainbow table requires two things: a hashing function and a reduction function. To use a hash table, simple take the hash and perform a binary search in the table to find the original password, if it's present. The password-hash pairs are stored in a table, sorted by hash value. Hash tables are constructed by hashing each word in a password dictionary. Rainbow Tables are commonly confused with another, simpler technique that leverages a compute time-storage tradeoff in password recover: hash tables.
0 Comments
Leave a Reply. |