Upload
nguyennhi
View
246
Download
3
Embed Size (px)
Citation preview
12/11/13
1
Rainbow Table to Crack Password using MD5 Hashing Algorithm BY DHIVYA SUBRAMANIYAN
CS 555 (RESEARCH PRESENTATION)
Agenda • What is Rainbow tables?
• Why it is used?
• Introduc:on to hashes • Message digest algorithm
• Rainbow tables in detail
• Table for different hash table algorithm
• Snapshots
12/11/13
2
What is Rainbow Table? A rainbow table is a table that contains hash func:on’s input and the corresponding outputs. OR
A rainbow table is a precomputed table for reversing cryptographic hash func:ons , usually for cracking password hashes .
Why it is used? Rainbow table is used by the hackers to find the password by reversing the hash func:on. Tables are usually used in recovering a plaintext password up to a certain length consis:ng of a limited set of characters.
12/11/13
3
IntroducLon to hashes Hashing the plaintext or password is a one-‐way func:on. Usage of being one-‐way func:on in cryptographic hashes:
A) provides message integrity
B) storing passwords in opera:ng system
Some of the well-‐known hash algorithms :
• Message Digest-‐5 (MD5)
• Secure Hash Algorithm-‐1 (SHA1)
• NT LAN Manager (NTLM)
IntroducLon to hashes Approaches of hash: • Brute force approach : Computes the hashes for the probable message space one by one and matches with the given hash.
• Cryptanaly:c approach : It uses :me memory trade-‐off approach . This method recomputes message hash pairs and stores them in a file to be used later for search
12/11/13
4
Message digest algorithm Step 1 : Append padding bits The input message is padded so that its length (in bits) equal to 448 mod 512.
At least one bit and at most 512 bits are appended.
Step 2 : Append length
A 64-‐bit representa:on of the length of the message is appended to the result of step 1.
message length > 2⁶⁴ -‐> only the low order of 64 bits will be used.
The resul:ng message (a_er padding) has a length that is an exact mul:ple of 512 bits .
The input message will have a length that is mul:ple of 16(32-‐bit) words.
Message digest algorithm Step 3 : Ini:alize MD buffer
A four-‐word buffer (A,B,C,D) is used to compute the message digest. Each of A,B,C,D is a 32-‐bit register.
MD5 process:
Digest :4 32-‐bit words : MD = A|B|C|D
Every message block contains 16 32-‐bit words : m0|m1|m2……|m15
Every stage consists of 4 passes over the message block and each modifies message digest.
Each block contains 4 rounds and each round has 16 steps.
12/11/13
5
Rainbow tables in detail Example
If the set of plain text is [0123456789] {6} i.e., to generate the rainbow table of all numeric passwords of length 6 and the hashing func:on is MD5.
Then, H(plain text) = MD5(“493823”)
H , hash func:on
P , finite set of password h , output hash func:on
p , an element in the finite set of password
Then, H(p) = h
Rainbow tables in detail The rainbow table is generated in the following way : • Star:ng point / end point
• Rainbow chain length and count • Hash algorithm
12/11/13
6
Rainbow tables in detail
Rainbow tables in detail Hash chains are techniques for decreasing the space requirement in disk . It defines a reduced func:on R to map hash values of P again .
Example:
aaaaaa -‐> 281daf40 -‐> sdfnyd -‐> 920ecf10 -‐> keibgt
12/11/13
7
Table for different hash table algorithm 1. Char set :Set of characters and the password length determines the total number of keys (key space).
2.Disk Space: Size of the rainbow table. 3.Chain length and chain count are length and number of the Rainbow chains.
4.Hash speed and Pre-‐computa:on :me depends on speed of the hardware.
5.Cryptanalysis :me is :me taken to get the password given its hash and rainbow table.
6.Success probability measures amount of success. Not guaranteed always.
Snapshots
12/11/13
8
Snapshots
Snapshots
12/11/13
9
Snapshots
Snapshots
12/11/13
10
Snapshots
Conclusion Advantages of rainbow table: • By observing the results table, it is known that computa:onal :me and cryptanalysis :me increases as the key space increases.
• Rainbow tables directly aoack on hash algorithm, not on the password length so that the password can be cracked easily even if the password size is more.
• Tables are built once and it can be used many :mes
• Fast and perfect for cracking hashes.
12/11/13
11
Conclusion Limita:on:
• It is limited for reverse fixed length messages.
• This table is not generated for all keys in key space i.e., it is probabilis:c in nature as a result 100% is not guaranteed.
Higher success rates can be achieved by carefully choosing the chain length and the chain count.
Reference www.rainbowtables.net www.freerainbowtables.com
Kostas Theoharoulis , IoannisPapaefstathiou , “Implemen:ng rainbow tables in high end FPGAs for superfast password Cracking” , Interna:onal conference on field programmable Logic and applica:ons(FPL)
Wikipedia
M.E.Hellamn , “A Cryptanaly:c :me trade-‐off” .
12/11/13
12
Thank You!!