Rainbow Table Attacks
Rainbow table attacks, birthday password attacks, and hybrid attacks are discussed in this post. Other password attacks are covered here.
These are all important topics related to the SY0-401 Security+ exam and covered in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
Rainbow Table Attacks
Rainbow table attacks are a type of attack that attempts to discover the password from the hash. However, they use rainbow tables, which are huge databases of precomputed hashes. It helps to look at the process of how some password crackers discover passwords without a rainbow table. Assume that an attacker has the hash of a password. The application can use the following steps to crack it:
- The application guesses a password (or uses a password from a dictionary).
- The application hashes the guessed password.
- The application compares the original password hash with the guessed password hash. If they are the same, the application knows the password.
- If they aren’t the same, the application repeats steps 1 through 3 until finding a match.
From a computing perspective, the most time-consuming part of these steps is hashing the guessed password in step 2. However, by using rainbow tables, applications eliminate this step. Rainbow tables are huge databases storing passwords and their calculated hashes. Some rainbow tables are as large as 160 GB in size, and they include hashes for every possible combination of characters up to eight characters in length. Larger rainbow tables are also available.
In a rainbow table attack, the application simply compares the hash of the original password against hashes stored in the rainbow table. When the application finds a match, it identifies the password used to create the hash (or at least text that can reproduce the hash of the original password). Admittedly, this is a simplistic explanation of a rainbow table attack, but it is adequate if you don’t plan on writing the algorithm to create your own rainbow table attack software.
Salting passwords is a common method of preventing rainbow table attacks, along with other password attacks such as dictionary attacks. A salt is a set of random data such as two additional characters. Password salting adds these additional characters to a password before hashing it. These additional characters add complexity to the password, and also result in a different hash than the system would create using the original password. This causes password attacks that compare hashes to fail.
Check out this blog post, which covers bcrypt and Password-Based Key Derivation Function 2 (PBKDF2). Both use salting techniques to increase the complexity of passwords and thwart brute force and rainbow table attacks.
Pass the Security+ exam the first time
Passwords are typically stored as hashes. Salting adds random text to passwords before hashing them and thwarts many password attacks.
Birthday Password Attacks
A birthday attack is named after the birthday paradox in mathematical probability theory. The birthday paradox states that for any random group of 23 people, there is a 50 percent chance that 2 of them have the same birthday. This is not the same year, but instead one of the 365 days in any year.
In a birthday attack, an attacker is able to create a password that produces the same hash as the user’s actual password. This is also known as a hash collision.
A hash collision occurs when the hashing algorithm creates the same hash from different passwords. This is not desirable. As an example, imagine a simple hashing algorithm creates three-digit hashes. The password “success” might create a hash of 123 and the password “passed” might create the same hash of 123. In this scenario, an attacker could use either “success” or “passed” as the password and both would work.
Birthday attacks on hashes are thwarted by increasing the number of bits used in the hash to increase the number of possible hashes. For example, the MD5 algorithm uses 128 bits and is susceptible to birthday attacks. Secure Hash Algorithm version 2 (SHA-2) can use as many as 512 bits and it is not susceptible to birthday attacks.
A hybrid attack uses a combination of two or more attacks to crack a password. As an example, a dictionary attack can use a dictionary of words, but also combine it with a brute force attack by modifying the words. For example, after using all the words in the dictionary, a password cracker can append all the words with a number such as 1 and try them.