a new time-memory-resource trade-off method for password recovery communications and intelligence...
TRANSCRIPT
A New Time-Memory-Resource Trade-Off Method for Password
RecoveryCommunications and Intelligence Information Security
(ICCIIS), 2010 International Conference Authors: Wei Zhang Coll. of Compute., Nanjing Univ. of
Posts & Telecommun., Nanjing, China Mengyuan Zhang ; Yiyang Liu ; Ruchuan Wang
1
Password crackThere are two common ways to crack the password if we know the encrypted password:
•Brute-force attack.• Try every passwords until you find the right one.• Time costs may be large.
•Lookup table.• Create a list of passwords and their encrypted results, then
search them.• Crack Fast but need large storage.
•Time-memory tradeoff
2
Rainbow table method
• Reduce function : maps hashes to plaintexts.
• Hash chain
3
Rainbow table method
4
Rainbow table method
5
Example: Hash chain
•Give a hash “3626”1. Can not find 3626 in h32. R2(3626) = 363. H(36) = 4202(match)4. Look up the table and find the p1 is 255. H(25) = 20596. R(2059) = 597. H(59) = 3626 The plaintext is 59!!
The rainbow chain with multi-resources
• Dividing a large rainbow table into several small rainbow sub-tables.
• Server-Client mode– Step1: Initialize, ensure each client has corresponding
rainbow tables; – Step2: Start crack password, generate crack task; – Step3: Collect the information of the clients including
specialized resources; – Step4: According to the Step3 results, generate sub-tasks and
dispatch to clients; – Step5: Coordinate the clients, broadcast cracked hash
message to clients to cancel the cracked job; – Step6: Collect the results form the clients, close the clients’
connection, and end the whole crack task. 6
The rainbow chain with multi-resources
7
Result
• CPU: Pentium4 CPU 2.93GHz, Memory: 256MB, Hard Disk: 7200, Windows XP Professional SP2
8
Summary
• Large storage space and the requirement of cracking time is rainbow table’s bottleneck in single machine.
• Cracking resources extend the two dimensional ( space and time ) exchanging problems of original rainbow chain.
9
Reference
• M. E. Hellman, “A Cryptanalytic Time-Memory Trade-Off’, IEEE Transactions on Information Theory, Vol. IT-26, No.4, 1980 ,pp.401-406.
• http://en.wikipedia.org/wiki/Rainbow_table• http://www.rainbowcrack.com
10