–  Prevents attacker from knowing if guess succeeded
•  Example: preventing any logins to an account from a network
–  Prevents knowing the results of the verification function or accessing the verification function.

Salting
•  Have a set of n hash functions
–  Randomly select one function when registering new authentication info
–  Store the ID of the function with the registered info
•  Attacker must try all n functions to see if his guess matches any password
•  When does this help? When does it not?

Examples
•  Vanilla UNIX method
–  Use DES to encipher a 0 message with the password as the key; iterate 25 times
–  Perturb the E table in DES in one of 4096 ways
   •  12-bit salt swaps entries 0–11 with entries 24–35
   •  E table is the per-round expansion table
•  Alternate methods
–  Use the salt as the first part of the input to the hash function
Take-home message: use n extra bits independent of the password to increase the work needed by a brute-force attack by a factor of 2^n

Rainbow Tables
•  Technique used to aid in the cracking of hashed passwords
–  Looks for a balance between storage and computation
•  Rather than keeping a dictionary list, could pre-compute the hashes of the dictionary values
–  For large dictionaries, still a lot of space
–  Particularly if using a smart lookup table
•  Trade off space for time with a hash chain
–  p1 -> H(p1) -> R(H(p1)) -> H(R(H(p1)))
–  aaaaaa -h-> 281DAF40 -r-> sgfnyd -h-> 920ECF10
–  Reduction function, R, picks another plaintext from the hash. It is not the inverse hash
–  Only store the start and end of each hash chain
–  Given a hash to break, look for it among the ends of the chains
–  Apply reduction and hash if not found
–  Continue until found

Rainbow tables
•  Very effective against LAN Manager hashes
–  Calculated by XP and up to Windows 2008 by default for "backwards compatibility"
–  Can download...
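The Salting and Examples slides above describe storing a random, password-independent salt next to each record and feeding it into the hash as the first part of the input. The following Python is an added example, not code from the slides: it registers and verifies salted records, and then counts how many hash evaluations a dictionary attacker needs against unsalted versus salted storage. The user list, the dictionary, SHA-256 as the hash and the 16-byte salt are all constructed assumptions; `precomputation_work` simply restates the take-home 2^n factor for a given salt width.

```python
import hashlib
import hmac
import os

# Constructed sample data (assumptions for this example, not from the slides).
USERS = [("alice", "password"), ("bob", "password"), ("carol", "Tr0ub4dor&3")]
DICTIONARY = ["letmein", "password", "qwerty", "dragon", "hunter2"]


def hash_password(salt: bytes, password: str) -> bytes:
    """Salt as the first part of the hash input (the 'alternate method' on the slide).
    An empty salt gives the unsalted scheme, used here only for comparison."""
    return hashlib.sha256(salt + password.encode()).digest()


def register(password: str, salted: bool) -> tuple:
    """Return the (salt, digest) record to store. The salt is random and
    independent of the password; it is stored in the clear next to the digest."""
    salt = os.urandom(16) if salted else b""
    return salt, hash_password(salt, password)


def verify(record: tuple, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(salt, password), digest)


def build_store(users, salted: bool) -> list:
    """Password file: one (salt, digest) record per user."""
    return [register(pw, salted) for _, pw in users]


def dictionary_attack(store: list) -> tuple:
    """Model the attacker's work: test every dictionary word against every record,
    caching hashes by (salt, word). Without salt one hash per word serves every
    record; with per-record salts each word must be re-hashed per record.
    Returns (recovered passwords by record index, number of hash evaluations)."""
    cache = {}
    recovered = {}
    for i, (salt, digest) in enumerate(store):
        for guess in DICTIONARY:
            key = (salt, guess)
            if key not in cache:
                cache[key] = hash_password(salt, guess)
            if hmac.compare_digest(cache[key], digest):
                recovered[i] = guess
    return recovered, len(cache)


def precomputation_work(dictionary_size: int, salt_bits: int) -> int:
    """Size of a precomputed table that must cover every salt value:
    n salt bits multiply the work by 2^n (4096x for the 12-bit UNIX salt)."""
    return dictionary_size * 2 ** salt_bits


if __name__ == "__main__":
    unsalted = build_store(USERS, salted=False)
    salted = build_store(USERS, salted=True)
    print("alice/bob digests equal without salt:", unsalted[0][1] == unsalted[1][1])
    print("alice/bob digests equal with salt:   ", salted[0][1] == salted[1][1])
    print("unsalted attack:", dictionary_attack(unsalted))
    print("salted attack:  ", dictionary_attack(salted))
    print("12-bit salt precompute size:", precomputation_work(len(DICTIONARY), 12))
```

With three accounts the salted store costs the attacker three times as many hash evaluations as the unsalted one, and identical passwords (alice and bob) no longer produce identical digests, so a single cracked record no longer reveals every user who chose the same password. For a precomputed table the multiplier is the full 2^n of the salt width, which is the slide's take-home point.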

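The Rainbow Tables slide describes the chain p1 -> H(p1) -> R(H(p1)) -> ..., storing only each chain's start and end, and searching by repeatedly reducing and re-hashing a target until an endpoint matches. The Python below is an added example, not code from the slides, that builds such a table over a deliberately tiny constructed space (all 3-letter lowercase strings) with SHA-1 standing in for the password hash and a modular reduction standing in for R. The chain length, number of chains and start-point spacing are assumptions chosen so the whole thing runs offline in well under a second. It follows the slide's single-reduction-function chain (Hellman-style); a rainbow table proper varies R by column to reduce chain merges, which this example does not do.

```python
import hashlib
import string

# Constructed toy parameters (assumptions for this example, not from the slides).
ALPHABET = string.ascii_lowercase
LENGTH = 3
SPACE = len(ALPHABET) ** LENGTH      # 17576 possible plaintexts
CHAIN_LEN = 40                       # H/R steps per chain
NUM_CHAINS = 600                     # chains whose (end -> start) we store


def H(plaintext: str) -> str:
    """Stand-in for the password hash: SHA-1 hex digest."""
    return hashlib.sha1(plaintext.encode()).hexdigest()


def encode(n: int) -> str:
    """Map an integer in [0, SPACE) to a plaintext in the toy space."""
    chars = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def R(digest: str) -> str:
    """Reduction: pick another plaintext from a digest. Not an inverse of H."""
    return encode(int(digest[:8], 16) % SPACE)


def build_table() -> dict:
    """Return {endpoint: start}. Only the start and end of each chain are kept;
    the CHAIN_LEN intermediate values are recomputed on demand."""
    table = {}
    step = SPACE // NUM_CHAINS
    for i in range(NUM_CHAINS):
        start = encode(i * step)     # deterministic starts spread over the space
        x = start
        for _ in range(CHAIN_LEN):
            x = R(H(x))
        table[x] = start             # merged chains share an endpoint; last one wins
    return table


def lookup(table: dict, target: str) -> str:
    """Recover a plaintext p with H(p) == target, or None if no chain covers it.
    Hypothesis k: target is the hash at position CHAIN_LEN-1-k of some chain,
    so reducing once and stepping k more times should land on a stored endpoint."""
    for k in range(CHAIN_LEN):
        x = R(target)
        for _ in range(k):
            x = R(H(x))
        if x in table:
            # Walk the candidate chain from its start; this also rejects false alarms
            # where an unrelated chain happens to reach the same endpoint.
            p = table[x]
            for _ in range(CHAIN_LEN):
                if H(p) == target:
                    return p
                p = R(H(p))
    return None


def covered_plaintexts(table: dict) -> int:
    """Distinct plaintexts the table can recover: the space/time trade-off made visible."""
    seen = set()
    for start in table.values():
        p = start
        for _ in range(CHAIN_LEN):
            seen.add(p)
            p = R(H(p))
    return len(seen)


if __name__ == "__main__":
    table = build_table()
    print("entries stored:", len(table), "plaintexts covered:", covered_plaintexts(table))
    end, start = next(iter(table.items()))
    p = start
    for _ in range(5):
        p = R(H(p))                  # a plaintext known to lie on a stored chain
    print("target", H(p)[:8], "->", lookup(table, H(p)))
```

The stored table has at most 600 entries but, before chain merges, covers up to 600 x 40 plaintexts, which is the storage-versus-computation balance the slide refers to. Each lookup costs at most about CHAIN_LEN^2 hash evaluations, and a target whose plaintext lies on no chain returns None, so coverage, not correctness, is what the table's size buys.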