Rainbow Table (Rainbow Table) Note 1. Create your own Table to crack MD5

Tool used from http://project-rainbowcrack.com/index.htm#download
 
 
 
Basic Steps: generate a rainbow table (rtgen) --> sort (rtsort) --> crack (rcrack)
 
 
 
To generate a rainbow table, run the following command:
 
Rtgen hash_algorithm charset plaintext_len_min plaintext_len_max table_index chain_len chain_num part_index two parameters are not very easy to understand: table_index and part_index. If you want to study it in detail, refer to the following thesis: Philippe Oechslin's original paper. Now we can "speculate" The purpose of the two parameters from the test perspective.

 

First generate a Rainbow Table with low coverage, and then use this Table to crack b0baee9d279d34fa1dfd71aadb908c3f (= md5 ("11111 "))

Rtgen md5 numeric 5 5 0 100 200 0

Rtsort *. rt

Rcrack *. rt-h b0baee9d279d34fa1dfd71aadb908c3f

The system prompts that the corresponding string cannot be found.

Then, the part_index value increases progressively and is tested repeatedly. If part_index is 3, the attack is successful.

The rt file defines that each link in the rainbow table occupies 16 bytes. the first 8 bytes is the start point, and the last 8 bytes is the end point ). The number of nodes in each chain is defined by chain_len. In this example, the number is 100. Open the *. rt file, and you can see that the starting point is constantly increasing inside the file, and the adjacent files are also increasing sequentially. By "rtgen md5 numeric 5 5 0 100 200 0", "rtgen md5 numeric 5 5 5 0 100 200 1", "rtgen md5 numeric 5 5 5 0 100 3 ".... .. the file group generated by "rtgen md5 numeric 5 5 0 100 200 9" is equivalent to the file created by "rtgen md5 numeric 5 5 5 0 100 0.

Next, use md5 ("99999") for testing until the part_index is 9, and the attack succeeds.

 
Analysis: The sample space composed of 5 digits is 100, and each rainbow table contains 2 W nodes (200 *). By principle, only 5 rt files are required for full coverage. Why can't we crack md ("99999") until part_index = 9? I think the main reason is that the R operation (http://en.wikipedia.org/wiki/Rainbow_table) won't be able to uniformly overwrite the sample space without conflict. Of course, it is impossible to construct such an R function (in fact, it is also unlikely ). There must be a certain number of conflicting nodes in each rainbow table, and different rainbow table nodes also have conflicting nodes. Therefore, the coverage of the rainbow table cannot be simply added or multiplied. To increase the coverage rate, you can only increase the coverage rate by increasing the number of nodes contained in the rainbow table or the number of rainbow tables. When downloading the rainbow table, the description next to it is marked with a success rate parameter (I still don't know how to calculate it). Maybe this is the reason.
 
 
 
Next, test the table_index parameter.
 
Use rtgen md5 numeric 5 5 0 100 200 0 to generate a rainbow table and increment table_index sequentially until table_index = 7, md5 ("11111") can be cracked successfully ").
 
Open the rt file. We can see that the start point of each rainbow table is the same, but because the table_index value is different, the end points of different tables with the same start point are also different.
 
Analysis: table_index is related to the "reduce function ". When a rainbow table is generated, the following prompt is displayed: "reduce offset: 0x00070000". Different table_indexes correspond to different reduce offsets. As you can see from the document, table_index generates a new table by influencing the running parameters of the R function to improve the coverage rate.
 
 
 
Finally, traverse all the sample space for 00000 ~ 99999. Compare the success rate of the two methods for creating a rainbow table: the first group, the part_index (0 to 9), and the second group, the table_index (0 to 9 ). As a result, the first md5_numeric # 5-5_0_100x200_X.rt rainbow table contains 24756 md5 values that cannot be cracked and the cracking rate is 75.244%. The second md5_numeric # 5-5_X_100x200_0.rt rainbow table contains 15363 md5 values that cannot be cracked.
 
 
 
Next discussion: how to generate a rainbow table with high cracking rate.

The author's column in haungrui