
Showing papers on "Rainbow table published in 2005"


Proceedings ArticleDOI
22 Aug 2005
TL;DR: This work presents a novel hash table data structure and lookup algorithm which improves the performance over a naive hash table by reducing the number of memory accesses needed for the most time-consuming lookups, which allows designers to achieve higher lookup performance for a given memory bandwidth.
Abstract: Hash tables are fundamental components of several network processing algorithms and applications, including route lookup, packet classification, per-flow state management and network monitoring. These applications, which typically occur in the data-path of high-speed routers, must process and forward packets with little or no buffer, making it important to maintain wire-speed throughout. A poorly designed hash table can critically affect the worst-case throughput of an application, since the number of memory accesses required for each lookup can vary. Hence, high throughput applications require hash tables with more predictable worst-case lookup performance. While published papers often assume that hash table lookups take constant time, there is significant variation in the number of items that must be accessed in a typical hash table search, leading to search times that vary by a factor of four or more. We present a novel hash table data structure and lookup algorithm which improves the performance over a naive hash table by reducing the number of memory accesses needed for the most time-consuming lookups. This allows designers to achieve higher lookup performance for a given memory bandwidth, without requiring large amounts of buffering in front of the lookup engine. Our algorithm extends the multiple-hashing Bloom Filter data structure to support exact matches and exploits recent advances in embedded memory technology. Through a combination of analysis and simulations we show that our algorithm is significantly faster than a naive hash table using the same amount of memory, hence it can support better throughput for router applications that use hash tables.

410 citations


Patent
17 Oct 2005
TL;DR: In this paper, a token calculates a one-time password by generating an HMAC-SHA-1 value based upon a key K and a counter value C and truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one-time password.
Abstract: A token calculates a one-time password by generating an HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one-time password. The one-time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C′. If there is an initial mismatch, the validation server compensates for a lack of synchronization between counters C and C′ within a look-ahead window, whose size can be set by a parameter s.

89 citations


Patent
15 Jul 2005
TL;DR: In this paper, a trusted platform module (TPM) along with a processor hashes a user-supplied password for a predetermined time period that is selected to render infeasible a dictionary attack on the password.
Abstract: A computer system that may include a trusted platform module (TPM) along with a processor hashes a user-supplied password for a predetermined time period that is selected to render infeasible a dictionary attack on the password. The results of the hash are used to render an AES key, which is used to encrypt an RSA key. The encrypted RSA key along with the total number of hash cycles that were used is stored and the RSA key is provided to the TPM as a security key. In the event that the RSA key in the TPM must be recovered, the encrypted stored version is decrypted with an AES key that is generated based on the user inputting the same password and hashing the password for the stored number of cycles.

41 citations


Book ChapterDOI
14 Feb 2005
TL;DR: This correspondence proposes a general security framework for password-based KDFs, introduces two security definitions each capturing a different attacking scenario, and proposes a new password-based KDF that is provably secure even when the adversary has full control of the parameters.
Abstract: A password-based key derivation function (KDF) – a function that derives cryptographic keys from a password – is necessary in many security applications. Like any password-based scheme, such KDFs are subject to key search attacks (often called dictionary attacks). Salt and iteration count are used in practice to significantly increase the workload of such attacks. These techniques have also been specified in widely adopted industry standards such as PKCS and IETF. Despite their importance and widespread usage, there has been no formal security analysis of existing constructions. In this paper, we propose a general security framework for password-based KDFs and introduce two security definitions, each capturing a different attacking scenario. We study the most commonly used construction H^(c)(p||s) and prove that the iteration count c, when fixed, does have the effect of stretching the password p by log2(c) bits. We then analyze the two standardized KDFs in PKCS#5. We show that both are secure if the adversary cannot influence the parameters but are subject to attacks otherwise. Finally, we propose a new password-based KDF that is provably secure even when the adversary has full control of the parameters.

39 citations


01 Jan 2005
TL;DR: This paper presents a method of detection of false alarms which significantly reduces the cryptanalysis time while using a minute amount of memory, and presents theoretical analysis of time-memory trade-offs, and gives a complete characterization of the variant based on rainbow tables.
Abstract: Since the original publication of Martin Hellman's cryptanalytic time-memory trade-off, a few improvements on the method have been suggested. In all these variants, the cryptanalysis time decreases with the square of the available memory. However, a large amount of work is wasted during the cryptanalysis process due to so-called "false alarms". In this paper we present a method of detection of false alarms which can significantly reduce the cryptanalysis time while using a minute amount of memory. Our method, based on "checkpoints", can reduce the time by much more than the square of the additional memory used, e.g., an increase of 0.89% of memory yields a 10.99% increase in performance. Even if our optimization is bounded, the gain in time per memory used is radically more important than in any existing variant of the trade-off. Beyond this practical improvement, checkpoints constitute a novel approach which has not yet been exploited and may lead to other interesting results. In this paper, we also present theoretical analysis of time-memory trade-offs, and give a complete characterization of the variant based on rainbow tables. This is the first time an exact expression is given for a variant of the trade-off and that the time-memory relationship can actually be plotted.

37 citations


Book ChapterDOI
14 Feb 2005
TL;DR: This work formally models the basic security requirement for two-server password authentication protocols, and in this framework provides concrete security proofs for two protocols.
Abstract: Traditional password-based authentication and key-exchange protocols suffer from the simple fact that a single server stores the sensitive user password. In practice, when such a server is compromised, a large number of user passwords (usually password hashes) are exposed at once. A natural solution involves splitting the password between two or more servers. This work formally models the basic security requirement for two-server password authentication protocols, and in this framework provides concrete security proofs for two protocols. The first protocol considered [7] appeared at USENIX'03, but contained no security proof. For this protocol, we provide a concrete reduction to the computational Diffie-Hellman problem in the random oracle model. Next we present a second protocol, based on the same hard problem, but which is simpler and has an easier, tighter reduction proof.

34 citations


Patent
29 Sep 2005
TL;DR: In this paper, a password manager provides a database comprising a header and N slots, and an indicator is stored in a predetermined position of the header for identifying the number of valid password entries for the record.
Abstract: A method, apparatus and program storage device for providing a secure password manager. A password manager provides a database comprising a header and N slots. An indicator is stored in a predetermined position of the header for identifying the number of valid password entries for the record. A hash value based on the content of the N slots is calculated and stored in the header. The data in the data structure is fed along with a master password through a key generator to create encrypted data.

25 citations


Journal ArticleDOI
TL;DR: The proposed scheme is useful in solving the security problems that occurred in systems using the password table and verification table and allows each user to select a username and password of his/her choice.
Abstract: Information security has been a critical issue in the field of information systems. One of the key factors in the security of a computer system is how to identify the authorization of users. Password-based user authentication is widely used to authenticate a legitimate user in the current system. In conventional password-based user authentication schemes, a system has to maintain a password table or verification table which stores the information of users’ IDs and passwords. Although the one-way hash functions and encryption algorithms are applied to prevent the passwords from being disclosed, the password table or verification table is still vulnerable. In order to solve this problem, in this paper, we apply the technique of back-propagation network instead of the functions of the password table and verification table. Our proposed scheme is useful in solving the security problems that occurred in systems using the password table and verification table. Furthermore, our scheme also allows each user to select a username and password of his/her choice.

13 citations


Posted Content
TL;DR: Time-Memory tradeoff by Hellman may be extended to Time-Memory-Key tradeoff thus allowing attacks much faster than exhaustive search for ciphers for which typically it is stated that no such attack exists.
Abstract: In this paper we show that Time-Memory tradeoff by Hellman may be extended to Time-Memory-Key tradeoff thus allowing attacks much faster than exhaustive search for ciphers for which typically it is stated that no such attack exists. For example, as a result AES with 128-bit key has only 85-bit security if 2 encryptions of an arbitrary fixed text under different keys are available to the attacker. Such attacks are generic and are more practical than some recent high complexity chosen related-key attacks on round-reduced versions of AES. They constitute a practical threat for any cipher with 80-bit or shorter keys and are marginally practical for 128-bit key ciphers. We also show that UNIX password scheme even with carefully generated passwords is vulnerable to practical tradeoff attacks. Finally we also demonstrate a combination of rainbow tables with the time-memory-data tradeoff which results in a new tradeoff curve.

13 citations


Patent
Frederic Bauchot, Gerard Marmigere
20 Oct 2005
TL;DR: In this article, a user identifier and a user keying password are received from a user together with a request from the user to obtain access to an application, and it is determined whether the received user keying password matches a keying password reference.
Abstract: A method and system for password validation. A user identifier (ID) and a user keying password are received from a user in conjunction with reception of a request from the user to obtain access to an application. The user keying password is a sequence of characters including at least one character from a first set of characters and at least one character from a second set of characters. The first set of characters are text characters allowed for defining a user password. The second set of characters are keying characters not allowed for defining a user password. It is determined whether the received user keying password matches a keying password reference. The keying password reference is based on a password definition rule.

13 citations


Book ChapterDOI
22 Aug 2005
TL;DR: This paper shows that the counter-based method of function generation for the rainbow TMTO fails for some functions, similar to the example given by Fiat and Naor for the Hellman TMTO, and proposes the use of LFSR sequences for function generation instead.
Abstract: Time/memory trade-off (TMTO) attacks require the generation of a sequence of functions which are obtained as minor modifications of a one-way function to be inverted. We carefully examine the requirements for such function generation. A counter based method is used to generate the functions for the rainbow method. We show that there are functions for which the counter method fails. This is similar to the example given by Fiat and Naor for the Hellman TMTO. Our main contribution is to suggest the use of LFSR sequences for function generation to be used in the rainbow TMTO. Properties of LFSR sequences such as long period, pseudorandomness properties and efficient forward and backward generation make such sequences useful for the intended application. One specific advantage is that it is not possible to a priori construct a Fiat-Naor type example for the LFSR based rainbow method.

Patent
05 Dec 2005
TL;DR: In this article, an authentication system using an IC card is proposed which can check the authenticity of a person who logs in automatically when logging in to a server on a network; the server first checks whether the received user ID and password agree with its user database and then compares the hash values.
Abstract: PROBLEM TO BE SOLVED: To provide an authentication system using an IC card which can check the authenticity of a person who logs in automatically when logging in to a server on a network. SOLUTION: In this authentication system, a terminal 103 reads a user ID, a password and a hash value from an IC card 101 through an IC card reader/writer 102, and accesses the server 105. The server searches a user database; if the received user ID and password are in agreement, it generates a hash value from the user ID, the password and an access history, and if this hash value and the received hash value are in agreement, it generates a new access history and a new password, performs the update, and transmits login success to the terminal with these data. The terminal receives this and accesses the IC card through the IC card reader/writer, and the IC card updates to the new password and the new access history, calculates a hash value from the user ID, the password and the access history in the card, and records it. COPYRIGHT: (C)2007, JPO&INPIT

Journal Article
LI Xiao-feng
TL;DR: A remote password authentication scheme based on RSA cryptography and a smart card is presented, with the advantage that each user can freely choose his own password and can renew it himself in time according to his needs.
Abstract: A remote password authentication scheme based on RSA cryptography and a smart card is presented. Compared with other schemes, our scheme has the following advantages: each user can freely choose his own password and can renew the password himself in time according to the user's need; no authentication messages for clients are ever saved in the servers; and since it is based on RSA cryptography and a one-way secure hash function, its realization is simple and reliable.

Patent
28 Apr 2005
TL;DR: This information storage apparatus includes a password input unit 12 that inputs a password of a prescribed number of words and a password matching unit 20 that collates the inputted password and authorizes access to a security section 30 from the external appliance 50 when the password matches.
Abstract: PROBLEM TO BE SOLVED: To prevent a password from being leaked, to enhance security and to eliminate the difficulty of inputting the password. SOLUTION: This information storage apparatus includes a password input unit 12 that inputs a password of a prescribed number of words to be notified only to the information storage apparatus 11, without being output to an external appliance 50 connected by way of a prescribed interface 11, and a password matching unit 20 that collates the inputted password and authorizes access to a security section 30 from the external appliance 50 in response to the matching of the password by the password matching unit 20. The password input unit 12 inputs a password of not greater than a prescribed number of words as the password to be collated by the password matching unit 20, and the password matching unit 20 collates the password of not greater than the prescribed number of words. COPYRIGHT: (C)2006, JPO&NCIPI

Book ChapterDOI
02 May 2005
TL;DR: This paper proposes three schemes to reduce hash collisions by exploiting the locality in traffic, and shows that all these schemes perform better than the standard practice of hashing with overflow chains.
Abstract: Flow state tables are an essential component for improving the performance of packet classification in network security and traffic management. Generally, a hash table is used to store the state of each flow due to its fast lookup speed. However, hash table collisions can severely reduce the effectiveness of packet classification using a flow state table. In this paper, we propose three schemes to reduce hash collisions by exploiting the locality in traffic. Our experiments show that all our proposed schemes perform better than the standard practice of hashing with overflow chains. More importantly, our move and insert to front scheme is insensitive to the hash table size.

Book ChapterDOI
30 Nov 2005
TL;DR: A new notion called “password pocket” is introduced which randomizes a user’s password even if he/she types the same password on different servers; the cost of a password pocket is extremely low since it needs to store only one random number securely.
Abstract: Password authentication (PA) is a general and well-known technique to authenticate a user who is trying to establish a connection in distributed web services. The main idea of PA is to remove complex information from users so that they can log on to servers from anywhere with only a human-memorable password. So far, many papers have been proposed to set up security requirements and improve the efficiency of PA. Most papers consider practical attacks such as password guessing, impersonation and server compromise which occur frequently in the real world. However, they missed an important and critical risk. A user's password revealed from one server may affect other servers because most people tend to use the same password on different servers. This enables anyone who obtains a password to easily log on to other servers. In this paper, we first introduce a new notion, called “password pocket”, which randomizes a user’s password even if he/she types the same password on different servers. When our password pocket is used, an exposed password no longer affects other servers. The cost of a password pocket is extremely low since it needs to store only one random number securely.

Journal Article
TL;DR: A standard way to encode and store a game state into a hash table is given, so that the memory of the hash table can be used more effectively and a higher hit rate can be obtained in the Scout search method.
Abstract: The incomplete information of poker games makes research progress lag behind that of chess games in AI, although it is still very difficult to find a fast algorithm to solve a poker game with complete information, which is the foundation of some advanced research. This paper gives a standard way to encode and store a game state into a hash table, so that the memory of the hash table can be used more effectively and a higher hit rate can be obtained in the Scout search method. With the new encoding method, the total number of expanded leaf nodes is reduced by around 5%.

Journal Article
TL;DR: This paper uses a hash table to organize the MAC address table in designing a switch controller, and an efficient implementation of parallel CRC calculation is used to generate the hash index.
Abstract: This paper uses a hash table to organize the MAC address table in designing a switch controller. To resolve hash collisions, the address table is organized into buckets with two entries in each. An efficient implementation of parallel CRC calculation is used to generate the hash index. Thus, a quick search of the MAC address table is achieved.