Rainbow table cracking algorithm

Source: Internet
Author: User
I wrote this earlier, when a friend asked me to optimize some rainbow table code. Today another friend mentioned rainbow tables, so I am sharing the document with you.
The rainbow table algorithm is a popular password cracking algorithm. Many commercial products are based on improved versions of it.

The principle of encryption is that the plaintext space is mapped to a ciphertext space through a hash algorithm.

The two simplest ways to crack a password:
1. Compute the hash of every plaintext in the plaintext space in sequence and compare it with the ciphertext. If they are equal, the corresponding plaintext has been found.
2. Hash every plaintext in the plaintext space in advance and store the results in a table. When cracking, look the ciphertext up in the table to find the corresponding plaintext.

These two methods are either time-consuming or laborious. If you don't believe it, you can try to increase the size of the plaintext space ;-)

The key to understanding rainbow tables is to understand reduce functions.
The hash function maps the plaintext space to the hash space. The reduce function maps the hash space to the plaintext space.
Note: The reduce function is not an inverse of the hash function; it only maps in the opposite direction. If it were an inverse, we would be lucky ;-)
Of course, if any of you think it can be treated as an inverse function, you can try to verify that. If you manage to, don't forget to tell me.

For example, for MD5 over 6-digit plaintexts, MD5("493823") -> "222f00dc4b7f9131c89cff641d1a8c50".
Here we define the reduce function R() as taking the first six decimal digits in the hash value, so R("222f00dc4b7f9131c89cff641d1a8c50") -> "222004".
We have now used the reduce function to obtain another plaintext, which is exactly the purpose of the reduce function.
By repeating this process, a different plaintext is generated each time, and together they form a chain:
plaintext -hash-> ciphertext -reduce-> plaintext -hash-> ciphertext ......

After a fixed number of rounds N, the final ciphertext B is obtained from the initial plaintext A, the hash function H, and the reduce function R.
As long as you know A, H, and R, you can calculate the plaintext and ciphertext obtained at step i. In fact, all elements in the chain except the first and the last can be discarded, because we can obtain them again through computation ;-)
The start and end elements of a chain are A and B, and the chain can be represented by them alone. Of course, the other parameters, such as H, R, and N, are fixed in advance.

In this way, chains such as the following may be generated:

Iaisudhiu-> rj9cc34599c530b1e4a8f225d665802
Oxcviix-> c744b1716cbf8d4dd0ff4ce31a177151
9da8dasf-> 3cd696a8571a843cda316a229d741843
[...]
Sodifo8sf-> 7ad7d6fa6bb4fd28ab98b3dd33261e8f

With these chains, we can crack passwords. Suppose we have an unknown ciphertext X, which needs to be cracked to obtain the plaintext M.

The algorithm is as follows:
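    T = X                         // begin with the unknown ciphertext
    start = NULL
    step = 0
    while (step < N)
    {
        if (T in set_end)         // T is the end element of a stored chain
        {
            start = T.start       // start element of that chain
            break
        }
        else
        {
            T = hash(reduce(T))
            step++
        }
    }

    if (start)
    {
        // walk the chain from its start for (N - step - 1) steps
        for (i = 0; i < N - step - 1; i++)
        {
            start = reduce(hash(start))
        }
        M = start
    }
    else
    {
        // not found ;-(
    }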

1. Look the ciphertext up among the end elements of all chains. If it is found, break out of the loop.
2. If it is not found, call the reduce function to obtain a new plaintext and hash it to obtain a new ciphertext. Then go back to step 1 and continue.
3. If it is found, the original ciphertext X is in the corresponding chain.
Note: Binary search is usually used to check whether an element is in the set of chain end elements, so all the chains need to be sorted by their end elements. The dictionary is usually very large and needs to be split into multiple files.

We use an example diagram to describe it; m represents plaintext and X represents ciphertext.

Assume that the original ciphertext is X2. After S steps of reduce and hash, we finally reach a ciphertext X6 that is the end element of a chain.
So X2 must be in the chain that ends in X6, and the plaintext obtained by starting from m0 at the beginning of that chain and applying (N-S-1) steps of hash and reduce is the plaintext corresponding to the original ciphertext.

Note: Of course, the chains we construct may not cover the whole plaintext and ciphertext space, so a ciphertext may not appear in any chain. In that case the ciphertext cannot be cracked.
In fact, the rainbow table algorithm is very simple. The biggest problem is generating a good set of chains, which requires a lot of machines and a lot of hard disk space. Many cracking products do not really sell software; they sell their dictionaries.
BTW: Because different chains are computed independently of each other, they can be processed in parallel on platforms such as CUDA.
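
The chain construction and lookup described above, as an added Python example that is not the original author's code. It uses MD5 and the article's reduce function over 6-digit plaintexts; the chain length N, the table size and all function names are assumptions chosen for the demo. Because an end-element hit can also come from a different chain that merged into the same end, each candidate is re-hashed and checked before it is returned.

```python
import hashlib

N = 200  # rounds per chain (assumed demo parameter)

def H(plaintext):
    """Hash function: MD5 hex digest, as in the article's example."""
    return hashlib.md5(plaintext.encode()).hexdigest()

def R(digest):
    """Reduce function from the article: first six decimal digits of the hash."""
    digits = [c for c in digest if c.isdigit()][:6]
    return "".join(digits).rjust(6, "0")  # pad if fewer than six digits exist

def build_table(starts, n=N):
    """Keep only end ciphertext -> start plaintexts; the middle is recomputed."""
    table = {}
    for a in starts:
        x = H(a)
        for _ in range(n - 1):            # n hashes in total per chain
            x = H(R(x))
        table.setdefault(x, []).append(a)  # chains that merge share an end
    return table

def lookup(table, x, n=N):
    """Return a plaintext m with H(m) == x, or None if no chain covers x."""
    t = x
    for step in range(n):
        for start in table.get(t, []):
            m = start
            for _ in range(n - step - 1):  # the article's (N-S-1) steps
                m = R(H(m))
            if H(m) == x:                  # discard false alarms
                return m
        t = H(R(t))
    return None

# Constructed demo table: 300 chains over the 6-digit plaintext space.
TABLE = build_table(f"{i:06d}" for i in range(0, 300000, 1000))

def demo():
    """Pick the plaintext 57 steps into the first chain and recover it."""
    m = "000000"
    for _ in range(57):
        m = R(H(m))
    return m, lookup(TABLE, H(m))
```
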

