take your stolen table of hashes
for each hash
find it in the rainbow table.If it’s there, you cracked it.
Here’s what you need to know about rainbow tables: no modern password schemeis vulnerable to them.
Rainbow tables are easy to beat. For each password, generate a random number (a
).Hash the password with the nonce, and store both the hash and the nonce. The server hasenough information to verify passwords (the nonce is stored in the clear). But even with asmall random value, say, 16 bits, rainbow tables are infeasible: there are now 65,536“variants” of each hash, and instead of 300 billion rainbow table entries, you needquadrillions. The nonce in this scheme is called a “salt”.Cool, huh? Yeah, andUnix crypt—- almost the lowest common denominator in securitysystems —- has had this featuresince 1976. If this is news to you, you shouldn’t bedesigning password systems. Use someone else’s good one.
Most of the industry’s worst security problems (like the famously bad LANMAN hash)happened because smart developers approached security code the same way they did therest of their code. The difference between security code and application code is, whenapplication code fails, you find out right away. When security code fails, you find out 4 yearsfrom now, when a DVD with all your customer’s credit card and CVV2 information startscirculating in Estonia.
Here’s a “state of the art” scheme from a recent blog post on rainbow tables and salts:
hash = md5('deliciously-salty-' + password)
http://www.securityfocus.com/blogs/262 (2 of 8)9/20/2007 7:42:29 PM