scispace - formally typeset
Search or ask a question
Topic

Rainbow table

About: Rainbow table is a research topic. Over the lifetime, 488 publications have been published within this topic receiving 11528 citations.


Papers
More filters
Book ChapterDOI
14 Jul 2016
TL;DR: The proposed much faster speed (270,000 PMKs/s) is the major crucial factor and base for the mainstream of wireless passwords attacks, such as brute force, dictionary, time-memory trade-off (rainbow attack), and the generations of dictionary files.
Abstract: The encryption of WPA & WPA2 is the present and security protection for the wireless LAN. With the vigorous development of parallel computing (GPU), the speed of cryptanalysis is rising up and getting more popular which causes the great threat to the Wi-Fi security. It is time-consuming for the wireless passwords analysis for the huge total combinations of 9563 max. Now, it is the turning point that the leap progress of GPU makes the Wi-Fi cryptanalysis much more efficient than before. In this research, we proposed a much faster speed (270,000 PMKs/s) compared to those in years, and the speed of computing PMKs/s is the major crucial factor and base for the mainstream of wireless passwords attacks, such as brute force, dictionary, time-memory trade-off (rainbow attack), and the generations of dictionary files.

1 citations

Patent
Yin Guang-Hui1
24 Jul 2015
TL;DR: In this article, a password table including the password characters and a preset number of supplemental characters is randomly generated, and an indication table indicating password characters as the account password in the password table is generated.
Abstract: Password characters input by a user as an account password are obtained. A password table including the password characters and a preset number of supplemental characters is randomly generated. An indication table indicating the password characters as the account password in the password table is generated. The password table and the indication table are stored. The techniques of the present disclosure improve password security.

1 citations

Proceedings ArticleDOI
08 Dec 2015
TL;DR: A new reduction function, a table compression technique and their GPU implementation on GeForce GTX 670 is proposed and it becomes 17.6% faster than RainbowCrack, and memory size of precomputation table can be decreased by 23.0%.
Abstract: Rainbow table is one of the techniques to crack passwords from hash values by precomputation table. However, password cracking takes much time in the case of long password. Accelerators such as GPGPUs will reduce time spent on cracking for long passwords. Rainbow Crack is a password cracking software program which implements rainbow table. Rainbow Crack uses reduction function, table compression and GPU implementation. This paper proposes a new reduction function, a table compression technique and their GPU implementation on GeForce GTX 670. As a result, it becomes 17.6% faster than RainbowCrack, and memory size of precomputation table can be decreased by 23.0%.

1 citations

Journal ArticleDOI
TL;DR: In this paper, the authors evaluated the effectiveness of different password storage techniques and found that pairing a strong password that has not been exposed in a data breach with the BCRYPT hashing algorithm results in the most robust password security.
Abstract: Recently, there has been a rise in impactful data breaches releasing billions of people’s online accounts and financial data into the public domain. The result is an increased importance of effective cybersecurity measures, especially regarding the storage of user passwords. Strong password storage security means that an actor cannot use the passwords in vectors such as credential-stuffing attacks despite having access to breached data. It will also limit user exposure to threats such as unauthorized account charges or account takeovers. This research evaluates the effectiveness of different password storage techniques. The storage techniques to be tested are: BCRYPT Hashing, SHA-256 Hashing, SHA-256 with Salt, and SHA-256 with MD5 Chaining. Following the National Institute of Standards and Technology (NIST) guidelines on password strength, both a weak and robust password will be passed through the stated techniques. Reversal of each of the results will be attempted using Rainbow Tables and dictionary attacks. The study results show that pairing a strong password that has not been exposed in a data breach with the BCRYPT hashing algorithm results in the most robust password security. However, SHA-256 hashing with a salt results in a very similar level of security while maintaining better performance. While plain SHA-256 hashing or chaining multiple hashing algorithms together is theoretically as secure, in practice, they are easily susceptible to simple attacks and thus should not be used in a production environment. Requiring strong password which have not been exposed in previous data breaches was also found to greatly increase security.

1 citations

Proceedings ArticleDOI
14 Dec 2015
TL;DR: STUMP can prevent offline parallel attacks - including pre-computed attacks utilizing rainbow tables - from cracking 99.718% of passwords that are <;8-characters in length; STUMP has also shown to completely prevent the attacker from cracking password that are ≥ 8 characters in length i.e., (100% secure).
Abstract: Offline password cracking has seen significant advances in recent years. This is mainly due to a dramatic increase in accessible computational speeds and the increased exploitation of GPUs for parallel processing. Cheaper and faster hardware, combined with new techniques, have allowed inexpensive GPUs to crack passwords at rates which only supercomputers could achieve previously. One inexpensive mitigation technique that we have uncovered is built on the core idea of pre-hash password manipulations. Our technique is named STUMP. Through rigorous empirical analysis, we demonstrate that STUMP can prevent offline parallel attacks m including pre-computed attacks utilizing rainbow tables m from cracking 99.718% of passwords that are <8-characters in length; STUMP has also shown to completely prevent the attacker from cracking passwords that are g 8 characters in length i.e., (100% secure). Finally, for all cases, STUMP can be employed to stall the attacks m regardless of whether the attack is a laborious brute-force technique or a more intelligent dictionary attack m as neither will return the user's original password.

1 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
84% related
Encryption
98.3K papers, 1.4M citations
82% related
Public-key cryptography
27.2K papers, 547.7K citations
82% related
Authentication
74.7K papers, 867.1K citations
79% related
Key (cryptography)
60.1K papers, 659.3K citations
79% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
20215
20206
201911
201810
201729
201630