Alt3rn4tiv3's Tech Blog

I apologize for the lack of posts. I had a maths mock exam today and I needed time to prepare for it. So anyway - today’s post is about rainbow tables! (duh)

Many people, by hook or by crook, obtain the hash of a password which they want to know of. Whether it’s because they’re trying to test the strength of their password, or because they want to recover their password, or even because they want to find out what others’ passwords are. Yet again, there are those who don’t know what to do.

So these are the things that they try…

• Dictionary attack
• Brute force attack

Yes, it’s effective to a certain extent - since most people use easy-to-guess passwords. Most can be found with dictionary attacks, and some even from bruteforce, since many passwords are short as well. Cain & Abel is a great tool for such stuff. Its dictionary attack feature has many options, including but not limited to reverse string, caps permutations, hybrid combinations, etc.

But in any case, the point of today’s post is about rainbow tables. So what are they? A rainbow table is a look-up table that uses a time-memory trade-off technique. It’s used to recover passwords in a short amount of time. The common hashes supported are md5, ntlm and lm.

So how does a rainbow table work? You have a hashing function and a reduction function. The hashing function is the function in which your plaintext was hashed with. The reduction function can take any form - it’s just a generation of a new plaintext from the resultant hash.

So let’s give an example, with an expectant plaintext of a 5char numeric password -
“12345″ -> md5 -> “827ccb0eea8a706c4c34a16891f84e7b”
“827ccb0eea8a706c4c34a16891f84e7b” -> reduction function -> “82708″

Note: 82708 are the first 5 numbers found in the hash. That’s an example of a reduction function.

“82708″ -> md5 -> “71b8e22700e63c2a0c1bad6506549d3b”
“71b8e22700e63c2a0c1bad6506549d3b” -> reduction function -> “71822″
etc.

So a chain is formed from there. Many of these chains form a rainbow table. So you have a rainbow table, then what?

The rainbow table cryptanalysis software (Cain can provide you with that feature too) will look for the hash by following the chains without computing the valid of each md5 hash of each plaintext password on the fly.

Because of collisions though, rainbow tables don’t ensure that 100% of the plaintext gets hashed and precomputed for your usage. You can only say how probable it is that a table of chains contains a certain plaintext.

So now, site recommendations -

Services to apply rainbow tables cryptanalysis on your submitted hash
Plain-Text.info
milw0rm Cracker

Rainbow tables generator / downloads
Project RainbowCrack
Shmoo Group

MD5 Search Engines
TheKaine
Plain-Text.info
milw0rm Cracker

And check this out!

Hope you learnt something!