Team ThreadRippersPresentation-4

Omkar KakadeIndrajeet Vidhate

Password Cracking(using Rainbow Tables)

Summary● Cannot store password in plain text.

● Cryptographic Hash are stored.

● Program to crack hashes using rainbow tables.

● Rainbow Table is a precomputed table of cryptographic hashes.

Why?

● Practical example of space - time tradeoff. (less computer processing time and more storage)

Simplified rainbow table with 3 reduction functions

Design of Sequential ImplementationGenerate N hashes to crack and store in a list.For (int i = 0; i < height of Rainbow Table ; i++)

Generate ChainsFor each i:

For (int j = 1; j < 10; j++)Calculate rainbowTable[i][j]th entry

For(int i = 0; i < N; i++)Pass ith hash to crack to RainbowHashCracker

Search each entry in rainbowTable[height of Rainbow Table][N-1]If entry matches with kth element:

Regen chain at rainbowTable[k][0]Return plaintext for which p -> (hash) == ith hash

Design of Parallel ImplementationDeclaring a parallel work queue to process hashes parallely

Declare a ‘volatile’ List to store cracked password

Initialize starting chain random plain textsParallelFor ( i = 0 to RainbowTable[height]-1 )

start() { Create a separate RainbowGenerator Object }For each thread executing some chunk of i to RainbowTable[height]

For ( j = 1 to RainbowTable[Widhth]-1)Calculate rainbowTable[i][j]th entry & store only final value as endpoint

Design of Parallel Implementation parallelDo{

New Section { run ( generate and put each hash in Parallel WorkQue )

},

New Section { parallelfor (ParallelWorkQue)

start() { new PasswordCracker object for each thread }

run() { Crack password from taking item from queue, providing inherent dynamic scheduling.

}

Strong Scaling

Strong Scaling

Non Ideal Strong ScalingThe main reason of why ideal scaling is not achieved is because of large height of rainbow table array, in this height of 9000000, introduces a huge sequential dependency.

But as the accuracy is highly dependent on the rainbow table size (reducing the table heights increased the speed up but reduced the accuracy in some settings), it was a tradeoff between accuracy and efficiency indirectly.

We observed that after increasing the problem size ‘N’ more better speedups were seen.

As different hashes will take different time to cracked ranging from O(1) to O(90000000),

Due to such vast differences, sharp spikes can be seen in speedups and efficiencies.

Weak Scaling

Weak Scaling

Non Ideal Weak Scaling

- The reason for non ideal weak scaling is that when the input size is multiplied by N*K, there is a possibility some of the password might be cracked earlier relative to other thus unbalancing the computational time. (N*K - N*1 data size)

Future Work- Research on parameters of Rainbow table [height and width] to find the optimal trade off

between the accuracy (number of passwords cracked correctly) and efficiency (scaling performance) of the program.

- To incorporate passwords of different character sets and lengths.

Learnings- How Rainbow tables work for password cracking, their structure generation as well as cracking

part.- If Different parts of a same data structure (in our case rainbow tables) can be generated

independently of each other, a parallelFor loop is efficient choice of design.- In cases when Sequential data generation or sequential data reading from file is required, best

practice is to to implement Overlapping pattern.- To overcome the per thread overhead part in the program, scale up the input size enough to get

better view of speedup and efficiency.- Sharing arrays of very large size (9000000 *2) in between the objects creates a significant

overhead, in terms of heap memory to be accessed as well as for reference sharing

THANK YOUQ&A