HACKING LESSON 11

PASSWORD CRACKING USING RAINBOW TABLE

In order to work with rainbow tables and rainbow crack we must first understand the following keywords-

1). LOOKUP TABLE – A lookup table is usually an array which is used to replace a runtime operation (in our case – a real time password cracking) with a simpler LOOKUP operation. This way we can achieve great speed at the cost of memory.

The idea is to pre-calculate hashes of all possible passwords and store them in a table in the memory. These tables are called Rainbow Tables.

The pre computation of hashes takes a long time, but once it is done, this type of password cracking is hundreds of time faster than the traditional Brute Force Attack.

2). SPACE – MEMORY TRADE OFF - It is a situation where the memory use can be reduced at the cost of slower program execution, or vice versa, the computation time can be reduced at the cost of increased memory use

A Classic Example - A space-time tradeoff can be applied to the simple problem of data storage. If data is stored uncompressed, it takes more space but less time than if the data were stored compressed (since compressing the data reduces the amount of space it takes, but it takes time to run the compression algorithm). Depending on the particular instance of the problem, either way is practical.

How to generate a Rainbow Table?

Search for a program called rainbow crack.

Warning: Rainbow tables are very large, can take GB’s of system space.

Definition of Rainbow Crack – Rainbow Crack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called “rainbow table”.