Eve wants to start a password cracking web service for stolen SHA-256 password hashes. Suppose Eve uses a rainbow table with 20 passwords in each chain. How many different passwords can she crack if the entire table is kept in memory and she has 4GB of memory? (Assume all passwords are 10 characters long.) What simple security measure can a systems administrator take to reduce the effectiveness of Eve's system (aside from measures to prevent compromise of password hashes)?
Solution
Imagine a rainbow table like this:
A table is a list of chains
A chain is a password and a hash
But wait ... let's call this password P1 and the hash in the chain we call He
Let's further say we have some hash function h(x) and some reduction function R(x) which will map an output of h(x) to an arbitrary but equally distributed password in our key space
If you have a chain length of twenty, that simply says this:
Take P1 ... calculate H1 = h(P1)
Calculate P2 as R(H1) ... calculate H2 as h(P2)
Calculate Pn as R(Hn-1) ... calculate Hn as h(Pn)
Until after twenty steps we have P20 and H20 ... which is also He
Now we store P1 and He ... aka P1 and H20
This is a chain
A table consists of a list ... a sorted list of chains ... sorted by the hash
If you have some hash x to be cracked, do this:
Assign y = x
Look for y in your table
If found, take the password of the corresponding chain, and build all password/hash tuples that once formed the chain and look for your password...
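
Added example, not part of the original answer: a toy version of the chain construction and lookup described above, using the answer's names h, R and P1 over a constructed key space of 4-digit PINs. The form of R, the step that advances y when it is not in the table (y = h(R(y))), and the salted-hash comparison at the end are assumptions added here; the answer as posted stops before them.

```python
import hashlib

CHAIN_LEN = 20        # passwords per chain, as in the question
KEYSPACE = 10 ** 4    # assumption: toy key space of 4-digit PINs, not 10 characters

def h(pw: str) -> bytes:
    """Hash function h(x): unsalted SHA-256."""
    return hashlib.sha256(pw.encode()).digest()

def R(digest: bytes) -> str:
    """Reduction function R(x): map a hash onto a password in the key space (assumed form)."""
    return f"{int.from_bytes(digest, 'big') % KEYSPACE:04d}"

def chain(p1: str) -> list:
    """Recompute the passwords P1..P20 of the chain that starts at p1."""
    pws = [p1]
    while len(pws) < CHAIN_LEN:
        pws.append(R(h(pws[-1])))
    return pws

def build_table(starts) -> dict:
    """Store only the end hash H20 and the start P1 of each chain."""
    return {h(chain(p1)[-1]): p1 for p1 in starts}

def lookup(table: dict, x: bytes):
    """Return the password whose hash is x, or None if no chain covers it."""
    y = x
    for _ in range(CHAIN_LEN):
        p1 = table.get(y)
        if p1 is not None:
            for p in chain(p1):        # rebuild the password/hash tuples
                if h(p) == x:
                    return p
            # merged chain that does not contain x: keep walking
        y = h(R(y))                    # assumed continuation: advance one chain step
    return None

def salted_hash(pw: str, salt: bytes) -> bytes:
    """What a server stores when it salts: SHA-256 over salt || password."""
    return hashlib.sha256(salt + pw.encode()).digest()

if __name__ == "__main__":
    table = build_table(f"{i:04d}" for i in range(0, KEYSPACE, 50))  # constructed starts
    target = chain(next(iter(table.values())))[6]    # P7 of a stored chain
    print("unsalted:", lookup(table, h(target)))     # found, though only P1 and H20 are stored
    print("salted:  ", lookup(table, salted_hash(target, b"constructed-salt")))  # None
```

The same precomputed table that recovers the unsalted hash misses the salted one, because every chain was built with h over the bare password.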

