Yes, All Above Questions Will be Answered One by One Below, This is Pretty Basic Question in Newbie Hackers whenever they hear about Cracking Password. I am going to Cover some of the basics below so that People who are unaware of the fact can get glimpse of Rainbow Tables and Understands them.
What is Rainbow Tables ?
WikiPedia Wrote:A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plaintext password, up to a certain length consisting of a limited set of characters. It is a practical example of a space-time tradeoff, using more computer processing time at the cost of less storage when calculating a hash on every attempt, or less processing time and more storage when compared to a simple lookup table with one entry per hash. Use of a key derivation function that employ a salt makes this attack infeasible.
Rainbow tables are an application of an earlier, simpler algorithm by Martin Hellman.
Any computer system that requires password authentication must contain a database of passwords, either hashed or in plaintext, and various methods of password storage exist. Because the tables are vulnerable to theft, storing the plaintext password is dangerous. Most databases therefore store a cryptographic hash of a user's password in the database. In such a system, no one -- including the authentication system -- can determine what a user's password is, simply by looking at the value stored in the database. Instead, when a user enters his or her password for authentication, it is hashed and that output is compared to the stored entry for that user (which was hashed before being stored). If the two hashes match, access is granted.
A thief who steals the (hashed) password table cannot merely enter the user's (hashed) database entry to gain access since the authentication system would hash that a second time, producing a result which does not match the stored value, which was hashed only once. In order to learn a user's password, the thief must reverse the hash to find a password which produces the hashed value. A good authentication system will make this process as difficult as possible by using a one-way hash function, that has a high ratio for the time to invert the function compared to the time to compute the function.
Rainbow tables are one tool people have developed in an effort to derive a password by looking only at a hashed value.
In simple terms, passwords stored in computers are changed from their plain text form to an encrypted value. This value or hash is the result of an algorithmiccalculation designed for the operating system to use, but not to be plainly visible or intelligible to users. Let’s look at an example password and some associated hashes.
Below are Few Forms of Hashes for a word Hacker:-
plaintext : Hacker md4 : 3136853eb744ea85ae4f09a617625a70 md5 : 4baf5897963fc12d1cd8fe1a02eb48fb md5_md5 : 87ffde714866510526546ef9a1db19bb mysql3 : 3573c0604742c698 mysql4_mysql5: *af502ff2fbcd74e9f6b4d973f3968c044cd26f11 ntlm : de7b526765bf839416913f81f3d50541 ripemd160 : f88ac3e4c82d60d755e7fc5410d1a980bffe02a5 gost : 5ae2c723eba2b6dd1a5146b5c4e57dba740a4dc7c2e4b57ba7ced12476b86f84 sha1 : 2d7cd852faf790678785453124f3b4f5d5d25860 sha1_sha1 : ab74e27ff66c236b0762694f6a47b399738660bf sha224 : b452133a03f0212f9d506411a365757d1a8d89194b142d457d87435f sha256 : bda73679ff0137edc8e4ec93be4c9f59344a920e10958cf172d96643f9822f0a sha384 : 36af87a4a0b850d779834eb251a198486609ea5b6133ae9812bd62c758c06d94c86c58e1c107c9d60281a5c9fee0bd9b sha512 : faea6bd2bdea1bd4c5f1d0852f6c17ece1e41735bc05ea31485c90e9ae9d846bbbec197370f91b65efd6bf5ee4f05e297af8d4456cc2f3738255abafd3134130 whirlpool : 67d4385f8c0651dd10ec909001f327f81dd43ec51bd3debbfe28499554b3f8d1af34d0a3e9c41181a3615da6084c8920bfcf4fa8b6f2dd0fd217933996683041
Please Note Above is Just a Sample and does not contain complete list.
How to Use Rainbow Tables ?
You need 2 Things to do this :-
- Small Application that can check against your Computed Hash [You can make your own too if you are programmer]
- List of Hashes [This you can download from internet or torrent, you may find some pretty Good table list. ]
One Good hash List can vary from 5GB - [50-100]GB
But you don't need for every hash. For an Example for Basic Hashes you can google online tools. Before you go and Do Search for Online tools, I would recommend you to understand about different hash format. Simple way to Know about them is with their size length. For an Instance :-
- md4, md5 is 32 characters long.
- sha1 is 40 characters long.
- mysql3 used to be or if someone still uses them than it is 16 characters long.
- mysql4/mysql5 are 41 characters long.
- ntlm is 32 characters long too.
- sha224 is 56 characters long.
- sha256 is 64 characters long.
- sha512 is 126 characters long.
- crypt is 13 characters long.
and list continues....
For Basic Md5, Sha1, Cracking Here are few famous Online tools :-
and list continues...
Where to Download Rainbow Table List ?
Follow the Link, Scroll through Middle of Page and you will see list of Table with Size Listed Aside.
Any Tools that can help Cracking Rainbow table :-
Here is 1 -> http://project-rainbowcrack.com/
Second Google is Your friend if you can't code one.
Few Links to Read More about Rainbow Tables :-
5. Start Googling for More, and if you find more Resource Please reply below on Comment, so that i can add them here in list.
Thanks and Good Luck