Topic
Rainbow table
About: Rainbow table is a research topic. Over the lifetime, 488 publications have been published within this topic receiving 11528 citations.
Papers
14 Jul 2016
TL;DR: The proposed much faster speed (270,000 PMKs/s) is the major crucial factor and base for the mainstream of wireless passwords attacks, such as brute force, dictionary, time-memory trade-off (rainbow attack), and the generations of dictionary files.
Abstract: The encryption of WPA & WPA2 is the present and security protection for the wireless LAN. With the vigorous development of parallel computing (GPU), the speed of cryptanalysis is rising up and getting more popular which causes the great threat to the Wi-Fi security. It is time-consuming for the wireless passwords analysis for the huge total combinations of 95^63 max. Now, it is the turning point that the leap progress of GPU makes the Wi-Fi cryptanalysis much more efficient than before. In this research, we proposed a much faster speed (270,000 PMKs/s) compared to those in years, and the speed of computing PMKs/s is the major crucial factor and base for the mainstream of wireless passwords attacks, such as brute force, dictionary, time-memory trade-off (rainbow attack), and the generations of dictionary files.
1 citation
24 Jul 2015
TL;DR: In this article, a password table including the password characters and a preset number of supplemental characters is randomly generated, and an indication table indicating password characters as the account password in the password table is generated.
Abstract: Password characters input by a user as an account password are obtained. A password table including the password characters and a preset number of supplemental characters is randomly generated. An indication table indicating the password characters as the account password in the password table is generated. The password table and the indication table are stored. The techniques of the present disclosure improve password security.
1 citation
08 Dec 2015
TL;DR: A new reduction function, a table compression technique and their GPU implementation on GeForce GTX 670 is proposed and it becomes 17.6% faster than RainbowCrack, and memory size of precomputation table can be decreased by 23.0%.
Abstract: Rainbow table is one of the techniques to crack passwords from hash values by precomputation table. However, password cracking takes much time in the case of long password. Accelerators such as GPGPUs will reduce time spent on cracking for long passwords. Rainbow Crack is a password cracking software program which implements rainbow table. Rainbow Crack uses reduction function, table compression and GPU implementation. This paper proposes a new reduction function, a table compression technique and their GPU implementation on GeForce GTX 670. As a result, it becomes 17.6% faster than RainbowCrack, and memory size of precomputation table can be decreased by 23.0%.
1 citation
TL;DR: In this paper, the authors evaluated the effectiveness of different password storage techniques and found that pairing a strong password that has not been exposed in a data breach with the BCRYPT hashing algorithm results in the most robust password security.
Abstract: Recently, there has been a rise in impactful data breaches releasing billions of people’s online accounts and financial data into the public domain. The result is an increased importance of effective cybersecurity measures, especially regarding the storage of user passwords. Strong password storage security means that an actor cannot use the passwords in vectors such as credential-stuffing attacks despite having access to breached data. It will also limit user exposure to threats such as unauthorized account charges or account takeovers. This research evaluates the effectiveness of different password storage techniques. The storage techniques to be tested are: BCRYPT Hashing, SHA-256 Hashing, SHA-256 with Salt, and SHA-256 with MD5 Chaining. Following the National Institute of Standards and Technology (NIST) guidelines on password strength, both a weak and robust password will be passed through the stated techniques. Reversal of each of the results will be attempted using Rainbow Tables and dictionary attacks. The study results show that pairing a strong password that has not been exposed in a data breach with the BCRYPT hashing algorithm results in the most robust password security. However, SHA-256 hashing with a salt results in a very similar level of security while maintaining better performance. While plain SHA-256 hashing or chaining multiple hashing algorithms together is theoretically as secure, in practice, they are easily susceptible to simple attacks and thus should not be used in a production environment. Requiring strong passwords which have not been exposed in previous data breaches was also found to greatly increase security.
1 citation
14 Dec 2015
TL;DR: STUMP can prevent offline parallel attacks - including pre-computed attacks utilizing rainbow tables - from cracking 99.718% of passwords that are <8-characters in length; STUMP has also shown to completely prevent the attacker from cracking passwords that are ≥ 8 characters in length i.e., (100% secure).
Abstract: Offline password cracking has seen significant advances in recent years. This is mainly due to a dramatic increase in accessible computational speeds and the increased exploitation of GPUs for parallel processing. Cheaper and faster hardware, combined with new techniques, have allowed inexpensive GPUs to crack passwords at rates which only supercomputers could achieve previously. One inexpensive mitigation technique that we have uncovered is built on the core idea of pre-hash password manipulations. Our technique is named STUMP. Through rigorous empirical analysis, we demonstrate that STUMP can prevent offline parallel attacks - including pre-computed attacks utilizing rainbow tables - from cracking 99.718% of passwords that are <8-characters in length; STUMP has also shown to completely prevent the attacker from cracking passwords that are ≥ 8 characters in length i.e., (100% secure). Finally, for all cases, STUMP can be employed to stall the attacks - regardless of whether the attack is a laborious brute-force technique or a more intelligent dictionary attack - as neither will return the user's original password.
1 citation