Rainbow table

About: Rainbow table is a research topic. Over the lifetime, 488 publications have been published within this topic receiving 11528 citations.

Evaluating Windows Vista user account security

Abstract: In the current Windows version (Vista), as in all previous versions, creating a user account without setting a password is possible. For a personal PC this might be without too much risk, although it is not recommended, even by Microsoft itself. However, for business computers it is necessary to restrict access to the computers, starting with defining a different password for every user account. For the earlier versions of Windows, a lot of resources can be found giving advice how to construct passwords of user accounts. In some extent they contain remarks concerning the suitability of their solution for Windows Vista. But all these resources are not very precise about what kind of passwords the user must use. To assess the protection of passwords, it is very useful to know how effective the widely available applications for cracking passwords. This research analyzes, in which way an attacker is able to obtain the password of a Windows Vista PC. During this research the physical access to the PC is needed. This research shows that password consists of 8 characters with small letter characters and numbers can easily be cracked if it has know usual combinations. Whereas a Dictionary Attack will probably not find unusual combinations. Adding captel letter characters will make the process harder as there are several more combinations, so it will take longer time but is still feasible. Taking into account special characters it will probably take too long time and even most Dictionary Attacks will fail. For rainbow tables the size of the table has to be considered. If it is not too big, even these small passwords cannot be cracked. For longer passwords probably the simplest ones, small letter characters and numbers, can be cracked only. In this case brute force takes too long time in most cases and a dictionary will contain only a few words this long and even the rainbow tables become too large for normal use. They can only be successful if enough limitations are known and the overall size of the table can be limited.

Rainbow table TMTO attack optimization considering online sequential search time

Abstract: In this paper, we propose an optimized parameter selection procedure for rainbow table Time Memory Trade-Off (TMTO) attack with sequential online search. Unlike previous works that mainly deal with minimizing required memory in the rainbow table TMTO attack we simultaneously focus on the required memory and online search time. Our parameter selection technique is optimized regarding the minimization of the required memory subject to a certain success probability and a maximum online search time. Obtained results are two compact mathematical expressions for determining rainbow table TMTO attack parameters, number and length of chains. The application of our optimized parameter selection procedure is also shown in a sample example.

Password remotely authentication method based on the intelligent card and an intelligent card, a server and system thereof

Abstract: A password remotely authentication method based on the intelligent card, and the intelligent card, the server and the system thereof, and a method and a system for password transformation. The password remotely authentication method includes: the server generates the encrypted user information by using the system key and the user identifier inputted as the first hash function value and the user password inputted as the second hash function converse function value, and stores the encrypted user information to the intelligent card; when logging in the server, the intelligent card makes exponential operation for the encrypted user information with the second hash value as the power, and then obtaining the second encrypted user information, and calculates the third hash function value by using the second encrypted user information as an input, and sends the logging request message including the third hash function value to the server; the server validates the received third hash function value by the first hash function value and the second hash function value so as to realize password authentication.

Variants of the Distinguished Point Method for Cryptanalytic Time Memory Trade-offs

Abstract: The time memory trade-off (TMTO) algorithm, first introduced by Hellman, is a method for quickly inverting a one-way function, using pre-computed tables. The distinguished point method (DP) is a technique that reduces the number of table lookups performed by Hellman’s algorithm. In this paper we propose a new variant of the DP technique, named variable DP (VDP), having properties very different from DP. It has an effect on the amount of memory required to store the pre-computed tables. We also show how to combine variable chain length techniques like DP and VDP with a more recent trade-off algorithm called the rainbow table method.

Adjusting iteration count in dynamic key stretching

Abstract: Data access protection in a system that can determine a passphrase for controlling access to a file, operate a hash function on the passphrase by a predetermined number of iterations to provide an intermediate passphrase, and send a request for an enhanced passphrase to a server in communication with the apparatus, where the request can include the intermediate passphrase. Subsequently, the disclosed computing system can receive, from the server, the enhanced passphrase, based on the intermediate passphrase in response to the request. The encrypted file header may include the adjusted iteration count where the case iteration can be modified by a random number, or by an exponential function of time, which is significantly smaller than the base iteration count. This reduces the effectiveness of rainbow tables.