scispace - formally typeset
Search or ask a question

Showing papers on "Rainbow table published in 2003"


Book ChapterDOI
17 Aug 2003
TL;DR: A new way of precalculating the data is proposed which reduces by two the number of calculations needed during cryptanalysis and it is shown that the gain could be even much higher depending on the parameters used.
Abstract: In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since. We propose a new way of precalculating the data which reduces by two the number of calculations needed during cryptanalysis. Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (237) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished points. We show that the gain could be even much higher depending on the parameters used.

524 citations


Patent
12 Aug 2003
TL;DR: In this article, a one-way/one-time hash function is applied to the current password to form a current tag and a next password is selected for a next packet that includes next data.
Abstract: A method authenticates packets that are transmitted serially in a network. A current password is selected for a current packet to be transmitted. The current packet includes current data. A one-way/one-time hash function is applied to the current password to form a current tag. A next password is selected for a next packet that includes next data, and the one-way/one-time hash function is applied to the next password to form a next tag. The one-way/one-time hash function is then applied to the next data, the next tag, and the current password to obtain a hashed value. The current packet is then transmitted to include the hash value, the current data, the current tag, and a previous password of a previous transmitted packet to authenticate the current data.

74 citations


Patent
22 Apr 2003
TL;DR: A memory management system and method includes, in one embodiment, an index location in a hash table that represents metadata, and a file memory address saved at the index location so that the hash table is searchable by a processor by entering the metadata into a hash function as discussed by the authors.
Abstract: A memory management system and method includes, in one embodiment, an index location in a hash table that represents metadata, and a file memory address saved at the index location so that the hash table is searchable by a processor by entering the metadata into a hash function to transform the metadata into the index location where the memory address is stored.

49 citations


Patent
23 Dec 2003
TL;DR: In this article, the loss of a computer's primary O.S. password, BIOS password, or HDD password (or even an application password) is sensed by a secondary O. S. based on a number of failed log on attempts to the affected component.
Abstract: The loss of a computer's primary O.S. password, BIOS password, or HDD password (or even an application password) is sensed by a secondary O.S. based on a number of failed log on attempts to the affected component. The password can be reset by having the secondary O.S. generate an intermediate password automatically, verify user authorization, and then make the intermediate password available to, e.g., the primary O.S., so that the affected component can be accessed and its password reset without help desk personnel intervention.

41 citations


Journal ArticleDOI
TL;DR: This article shows that Peyravian-Zunic's improved hash-based password authentication scheme is still vulnerable to the off-line guessing attack, the denial-of-service attack, and the stolen-verifier attack.
Abstract: Many password authentication schemes employ hash functions as their basic building blocks to achieve better efficiency. In 2000, Peyravian and Zunic proposed a hash-based password authentication scheme that is efficient and can be easily implemented. Recently, Lee, Li, and Hwang demonstrated that Peyravian-Zunic's hash-based password authentication scheme is vulnerable to the off-line guessing attack, and then proposed an improved version. In this article, we show that their improved scheme is still vulnerable to the off-line guessing attack, the denial-of-service attack, and the stolen-verifier attack.

39 citations


Patent
13 Mar 2003
TL;DR: In this article, the hash value for collation of a system module is present in the memory of the processor, so that it is possible to prevent a hash table form being altered or erased.
Abstract: PROBLEM TO BE SOLVED: To accurately carry out an authentication processing of a software in a secure status inside a control part by storing data and algorithms necessary for realizing processings independent of an OS in a secure status. SOLUTION: A hash value table is preliminarily written in a memory 14 for a hash value table inside a processor. Thus, the hash value for collation of a system module is present in the memory 14 for the hash value table inside the processor, so that it is possible to prevent a hash table form being altered or erased, and to maintain a reliable status as the hash value for collation. COPYRIGHT: (C)2005,JPO&NCIPI

25 citations


Proceedings ArticleDOI
H. Luo1, P. Henry1
07 Sep 2003
TL;DR: This paper proposes a common password method for users who need to protect multiple accounts using passwords that assures that compromising one specific password does not reveal the common password and any other specific password.
Abstract: This paper proposes a common password method for users who need to protect multiple accounts using passwords. It requires a user to remember only one password, called a common password, to access any of his/her accounts. Each account is protected by a different password, called a specific password. It is generated by a one-way hash function of an account-specific random number that is stored at the account server or a proxy in an encryption form, where the encryption key is derived from the common password. Compared with a convenient but insecure practice of using one or several passwords to protect multiple accounts, the common password method is convenient and secure. It assures that compromising one specific password does not reveal the common password and any other specific password. A Web-based implementation for the common password method is also presented in this paper. It employs a Web server to store every user's account identifiers and encrypted random numbers, and to supply them to the user in a Web page that contains a password calculator written in JavaScript. The user can compute a specific password using a Web browser on his/her computer for any application that requires password authentication.

18 citations


Book ChapterDOI
09 Jul 2003
TL;DR: This work constructs EPA+, a new password-based protocol for authenticated key exchange which has smaller computational and communicational workloads than previously proposed protocols with the same security requirements and is secure against dictionary attack and server impersonation.
Abstract: A password-based protocol for authenticated key exchange must provide security against attacks using low entropy of a memorable password. We propose a new password-based protocol for authenticated key exchange, EPA (Efficient Password-based protocol for Authenticated key exchange), which has smaller computational and communicational workloads than previously proposed protocols with the same security requirements. EPA is an asymmetric model in which each client has a password and the server has a password file. While the server's password file is compromised, the client's password is not directly exposed. However, if the adversary mounts an additional dictionary attack, he can obtain the client's password. By using a modified amplified password file, we construct EPA+, which is secure against dictionary attack and server impersonation even if the server's password file is compromised.

18 citations


Patent
David B. Minturn1
30 Dec 2003
TL;DR: In this paper, the authors describe a protocol for host TCP context lookup based on network interface card-based prefetching, which can be seen as a form of preprocessing.
Abstract: Systems and methods using network interface card-based (NIC-based) prefetching for host TCP context lookup are disclosed. The process generally includes hashing, by the NIC, a packet received over the network, computing a host hash table cache line in a host memory using the hash value and using a hash table pages table containing host memory physical page addresses of a host hash table, and computing a host context table cache line in a host memory using the hash value and using a context table pages table containing host memory physical page addresses of a host context table. The NIC may be initialized with the hash table pages table and the context table pages table as well as with the a set number of hash node entries in the hash table of the host memory.

11 citations


Journal Article
TL;DR: This paper presents a method called signature chain alternative to Lamport’s hash chain to improve security and flexibility of one-time passwords and has an innite length, which is more flexible and facilitates using the protocol without the complexity of restarting.
Abstract: While the classical attack of \monitor the network and intercept the password" can be avoided by advanced protocols like SSH, one-time passwords are still considered a viable alternative or a supplement for software authentication since they are the only ones that safeguard against attacks on insecure client machines. In this paper by using public-key techniques we present a method called signature chain alternative to Lamport’s hash chain to improve security and flexibility of one-time passwords. Our proposition improves the security because rst, like other public-key authentication protocols, the server and the user do not share a secret, thereby eliminating attacks on the server side. Second, from any incorrectly revealed one-time password, unspent passwords cannot be calculated if a signature chain is preferred. Having an innite length, the chain in our proposition is more flexible and facilitates using the protocol without the complexity of restarting. On the other hand, the disadvantage of signature chain is the longer verication time with respect to hash chain based approaches.

8 citations


Journal Article
TL;DR: A practical efficient one-time password authentication protocol is presented which conquers common challenge-response protocol weakness and can achieve mutual authentication and avoid replay attack and personating attack.
Abstract: Some common onetime password authentication protocols are analyzed.A practical efficient onetime password authentication protocol is presented which based on the symmetric algorithm,which conquers common challengeresponse protocol weakness and can achieve mutual authentication and avoid replay attack and personating attack.It also can boost up the security of the application security system by integrating with it.

Patent
27 Aug 2003
TL;DR: In this article, a password input method for preventing leakage of a password on a system having a display device is provided to escape recognition of the password by offering a password-input window of a cipher changed for each input and making the system recognize only the valid data inputted to specified positions as the password.
Abstract: PURPOSE: A password input method for preventing leakage of a password on a system having a display device is provided to escape recognition of the password by offering a password input window of a cipher changed for each input and making the system recognize only the valid data inputted to specified positions as the password. CONSTITUTION: The password input window of the cipher randomly selected within a predetermined range is displayed to input the valid password with fake numbers. The inputted password is stored in the first buffer. Only the valid password inputted to the specified positions among the password stored in the first buffer is extracted/stored to the second buffer. The password stored in the second buffer is judged by being compared with the registered password.