A rainbow table is just a pre-computed table of all possible password values and their corresponding hashes. The idea behind rainbow table attacks is to trade computational power for disk space by pre-computing the hashes and storing them in a table. An attacker can determine what the corresponding password is for a given hash by just looking up the hash in their rainbow table. This is unlike a brute force attack, where the hash is computed for each guess attempt. It's possible to download rainbow tables from the internet for popular password lists and hashing functions. This further reduces the need for computational resources, but requires large amounts of storage space to keep all the password and hash data.

You may be wondering how you can protect against these pre-computed rainbow tables. That's where salts come into play. And no, I'm not talking about table salt.

A password salt is additional randomized data that's added into the hashing function to generate a hash that's unique to the password and salt combination. Here's how it works. A randomly chosen large salt is concatenated, or tacked onto the end of, the password. The combination of salt and password is then run through the hashing function to generate the hash, which is then stored alongside the salt.

What this means now for an attacker is that they'd have to compute a rainbow table for each possible salt value. If a large salt is used, the computational and storage requirements to generate useful rainbow tables become almost unfeasible. Early Unix systems used a 12-bit salt, which amounts to a total of 4,096 possible salts. So, an attacker would have to generate hashes for every password in their database, 4,096 times over. Modern systems like Linux, BSD and Solaris use a 128-bit salt. That means there are two to the 128th power possible salt values, which is over 340 undecillion. That's 340 with 36 zeros following.

Clearly, a 128-bit salt raises the bar high enough that a rainbow table attack wouldn't be possible in any realistic time-frame. Just another scenario when adding salt to something makes it even better. That rounds out our lesson on hashing functions. Up next we'll talk about real world applications of cryptography and explain how it's used in various applications and protocols. But first, a project that will help you get hands on with hashing.
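The salting scheme described above, as an added example that is not part of the original course material: it shows a pre-computed table resolving an unsalted hash by lookup, the same table missing once a random 128-bit salt is appended to the password, and the table growth per salt bit. SHA-256, the function names and the four-entry wordlist are assumptions made for this example; the text names no specific hash function.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16  # 128-bit salt, the size the text cites for modern systems
WORDLIST = ["123456", "password", "letmein", "qwerty"]  # constructed sample list

def hash_password(password, salt=b""):
    # The salt is tacked onto the end of the password before hashing.
    return hashlib.sha256(password.encode() + salt).hexdigest()

def build_lookup_table(wordlist):
    # Pre-computed hash -> password table; only valid for unsalted hashes.
    return {hash_password(p): p for p in wordlist}

def store_password(password):
    # A fresh random salt per password; salt and hash are stored side by side.
    salt = secrets.token_bytes(SALT_BYTES)
    return salt, hash_password(password, salt)

def verify_password(password, salt, stored_hash):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(password, salt), stored_hash)

def table_entries_needed(wordlist_size, salt_bits):
    # One full table per possible salt value.
    return wordlist_size * 2 ** salt_bits

def demo():
    table = build_lookup_table(WORDLIST)
    salt_a, hash_a = store_password("letmein")
    salt_b, hash_b = store_password("letmein")
    return {
        "unsalted_lookup": table.get(hash_password("letmein")),
        "salted_lookup": table.get(hash_a),
        "same_password_same_hash": hash_a == hash_b,
        "correct_password_verifies": verify_password("letmein", salt_a, hash_a),
        "wrong_password_verifies": verify_password("qwerty", salt_a, hash_a),
        "entries_with_12_bit_salt": table_entries_needed(len(WORDLIST), 12),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the salt is stored next to the hash, verification costs one hash computation, while a pre-computed table has to be rebuilt for every salt value.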
Cryptography Applications

Public Key Infrastructure

In this lesson, we're going to cover PKI, or Public Key Infrastructure. Spoiler alert, this is a critical piece to securing communications on the Internet today. Earlier we talked about Public Key Cryptography and how it can be used to securely transmit data over an untrusted channel and verify the identity of a sender using digital signatures.

PKI is a system that defines the creation, storage and distribution of digital certificates. A digital certificate is a file that proves that an entity owns a certain public key.
