Topic
Rainbow table
About: Rainbow table is a research topic. Over the lifetime, 488 publications have been published within this topic receiving 11528 citations.
Papers published on a yearly basis
Papers
More filters
•
IBM1
TL;DR: In this article, a user identifier and a user keying password are received from a user in conjunction with reception of a request from the user to obtain access to an application to determine whether the received user ID and keying passwords match a reference.
Abstract: A method and system for password validation. A user identifier (ID) and a user keying password are received from a user in conjunction with reception of a request from the user to obtain access to an application. The user keying password is a sequence of characters including at least one character from a first set of characters and at least one character from a second set of characters. The first set of characters are text characters allowed for defining a user password. The second set of characters are keying characters not allowed for defining a user password. It is determined whether the received user keying password matches a keying password reference. The keying password reference is based on a password definition rule.
13 citations
••
24 Jun 1996TL;DR: This paper presents an attack on Anderson and Lomas's proposed password-based authenticated key exchange protocol that uses collisionful hash functions.
Abstract: This paper presents an attack on Anderson and Lomas's proposed password-based authenticated key exchange protocol that uses collisionful hash functions The weaknesses of the protocol when an old session key is compromised are studied and alternative solutions are given
13 citations
•
08 Aug 2011TL;DR: In this paper, a server and a client mutually exclusively execute server side and client-side commutative cryptographic processes and server-side and client side permutation processes, where the server has access to a hash table, while the client does not.
Abstract: A server and a client mutually exclusively execute server-side and client-side commutative cryptographic processes and server-side and client-side commutative permutation processes. The server has access to a hash table, while the client does not. The server and client perform a method including: encrypting and reordering the hash table using the server; communicating the encrypted and reordered hash table to the client; further encrypting and further reordering the hash table using the client; communicating the further encrypted and further reordered hash table back to the server; and partially decrypting and partially undoing the reordering using the server to generate a double-blind hash table. To read an entry, the client hashes and permute an index key and communicates same to the server which retrieves an item from the double-blind hash table using the hashed and permuted index key and sends it back to the client which decrypts the retrieved item.
13 citations
••
22 Aug 2005TL;DR: In this paper, the use of LFSR sequences for function generation for the Rainbow TMTO has been discussed, which is similar to the example given by Fiat and Naor for the Hellman TMTO.
Abstract: Time/memory trade-off (TMTO) attacks require the generation of a sequence of functions which are obtained as minor modifications of a one-way function to be inverted. We carefully examine the requirements for such function generation. A counter based method is used to generate the functions for the rainbow method. We show that there are functions for which the counter method fails. This is similar to the example given by Fiat and Naor for the Hellman TMTO. Our main contribution is to suggest the use of LFSR sequences for function generation to be used in the rainbow TMTO. Properties of LFSR sequences such as long period, pseudorandomness properties and efficient forward and backward generation make such sequences useful for the intended application. One specific advantage is that it is not possible to a priori construct a Fiat-Naor type example for the LFSR based rainbow method.
13 citations
•
15 Jun 2004TL;DR: In this article, a password consisting of several fields (101 - 105 ) is presentedable in a series of instances (100, 110, 120, 130 ) and a comparison operation is performed in which the hysteresis field ( 113, 114 ) of the current presented instance of the password is compared using data retained since a prior instance of authentication.
Abstract: A password formed of several fields ( 101 - 105 ) is presentable in a series of instances ( 100, 110, 120, 130 ). The fields include at least one of (a) a static field ( 105 ) that does not change upon each instance of the password and (b) a dynamic field ( 101, 102 ) that changes with each instance of the password based upon extrinsic data. Further, there is a “hysteresis” field (or a “dynamic field with history”, 103, 104 ) which contains data that is a function of a preceding instance of the password. When a current presented instance ( 110 ) of the password is input/received, a comparison operation is performed in which the hysteresis field ( 113, 114 ) of the current presented instance of the password is compared using data retained since a prior instance of authentication of the password ( 101, 102 ).
13 citations