Rainbow Tables


Have you ever noticed that some things in certain places on the internet on occasion require the use of a password, or log-in of some kind? Ever wonder if there was possibly a way around this “barrier”? Maybe you forgot a password to your MSN account, or maybe someone you hate has a website that you’d like to see destroyed… Either way, a password or login is required and you’re sitting in your chair doing nothing useful… You may not know a lot about it yourself, but you’re aware of “hackers” and “crackers”. Ask yourself an honest question… What do they know that you don’t? Why is it that a 13 year old Halo nerd can steal my bank info and ring up a huge bill on my Visa? What am I missing here…

Rainbow Tables. Contrary to what the name might imply, Rainbow tables are an extremely powerful and useful tool in the computer world, and they are a lot less complicated than you may think.

What are they?
(according to Wikipedia)
A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function, often a cryptographic hash function. A common application is to make attacks against hashed passwords feasible. Salt is often employed with hashed passwords to avoid this attack.

(In English, more or less)
Rainbow tables use a refined algorithm by using a number of different reduction functions to create multiple parallel chains within a single “rainbow” table, reducing the probability of false positives from accidental chain collisions, and thus increasing the probability of a correct password crack. As well as increasing the probability of a correct crack for a given table size, the use of multiple reduction functions also greatly increases the speed of lookups. See the paper cited below for details.
Rainbow tables are specific to the hash function they were created for e.g., MD5 tables can crack only MD5 hashes. The theory of this technique was first pioneered by Philippe Oechslin [1] as a fast form of time-memory tradeoff [2] (PDF), which he implemented in the Windows password cracker Ophcrack. The more powerful RainbowCrack program was later developed that can generate and use rainbow tables for a variety of character sets and hashing algorithms, including LM hash, MD5, SHA1, etc.
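To make the chain and reduction-function idea concrete, and to show why the salt mentioned in the Wikipedia definition defeats it, here is a toy table over a constructed 3-letter keyspace. This is an added example, not code from the original post or from Ophcrack/RainbowCrack; the keyspace, chain length, salt value and all function names are assumptions chosen for illustration.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
LENGTH = 3                                # constructed toy keyspace: 26**3 = 17,576 strings
SPACE = len(ALPHABET) ** LENGTH
CHAIN_LEN = 100                           # hash/reduce steps per chain (assumed value)

def md5(plain, salt=""):
    return hashlib.md5((salt + plain).encode()).digest()

def index_to_plain(i):
    chars = []
    for _ in range(LENGTH):
        i, r = divmod(i, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def reduce_fn(digest, column):
    # Maps a digest back into the keyspace. Mixing in the column number gives a
    # different reduction function per column: the "rainbow" part.
    return index_to_plain((int.from_bytes(digest[:8], "big") + column) % SPACE)

def build_table(n_chains):
    table = {}                            # end point -> start points; the middle is discarded
    for i in range(n_chains):
        start = plain = index_to_plain(i)
        for col in range(CHAIN_LEN):
            plain = reduce_fn(md5(plain), col)
        table.setdefault(plain, []).append(start)
    return table

def lookup(table, target):
    for col in reversed(range(CHAIN_LEN)):    # guess which column produced the target
        plain = reduce_fn(target, col)
        for c in range(col + 1, CHAIN_LEN):   # walk forward to the chain's end point
            plain = reduce_fn(md5(plain), c)
        for cand in table.get(plain, []):     # end point matched: replay chain from its start
            for c in range(CHAIN_LEN):
                if md5(cand) == target:       # confirm; filters false alarms from merges
                    return cand
                cand = reduce_fn(md5(cand), c)
    return None

if __name__ == "__main__":
    table = build_table(600)                  # 600 stored pairs instead of 17,576 hashes
    print(lookup(table, md5("aaa")))                # unsalted hash: recovered
    print(lookup(table, md5("aaa", salt="x9$")))    # salted hash: the table is useless
```

The table only helps against hashes computed exactly the way the chains were; a per-user salt means no precomputed chain ever contains the stored hash, which is why salted, slow password hashes are the standard defence.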

What that all means isssss???

They allow you to hack the shit out of things :D If there’s a password you need, or an account name to something, you can use Rainbow Tables to “recover” them. Say your friend has a clan. Part of his clan is a website. You don’t like his website. With Rainbow Tables you could figure out the admin’s username and his password, and in return, log in and make changes :D

WHY DOESN’T EVERYONE HAVE THEM IF THEY’RE SO 13ET??

1) They are underground. Not many people know they even exist.
2) They are fairly complicated at first look, but have a HUGE community backing them up.
3) They are massive in size. A shitty set of tables runs at about 8 Gigabytes, and would prove very ineffective for most uses. If you wanted to “crack” serious things, you’d need a set running about 120 Gigabytes in size. Currently they are working on a set that is approx. 420 Gigabytes in size. So basically, unless you want to wait 6 months for the download, you’re out of luck with getting them.
(However, some programs are offered where they will ship them to you on a hard drive instead of the download)

About 40urs3r1ous

Yes, i am 4øµr¬$³®!Oüš

Posted on April 16, 2007, in Underground Tips. 2 Comments.

  1. Nice introduction to the subject, thanks. I did interview Philippe Oechslin in a hacking conference, but I didn’t know about Rainbow Tables, now I understand a bit more.

  1. Pingback: Professionnel et marginal : statut ambigu d’un white hat « Hacker Area ………. ……….Territoire Hacker
