MD5 Rainbow Tables

From Computing and Software Wiki

(Difference between revisions)
Jump to: navigation, search
(Overview)
Line 1: Line 1:
-
 
== Overview ==
== Overview ==
-
A popular way of storing passwords for many websites, forums and other applications are through the use of MD5 hashing.  When a user registers for a subscription and enters a password, that password is more than like passed through a MD5 hash function which outputs an encrypted key.  This encrypted key is stored on a server, to keep a record of it for log in purposes.  The next time the user tries to log in, they enter a password and this password is once again passed through the MD5 hash function and a temporary encrypted key.  This temporary key is compared to the encrypted key that is previously stored and if they match then the server grants this user access.  If the server is compromised, the attacker  
+
A popular way of storing passwords for many websites, forums and other applications are through the use of MD5 hashing.  When a user registers for a subscription and enters a password, that password is more than like passed through a MD5 hash function which outputs an encrypted key.  This encrypted key is stored on a server, to keep a record of it for log in purposes.  The next time the user tries to log in, they enter a password and this password is once again passed through the MD5 hash function and generates a temporary encrypted key.  This temporary key is compared to the encrypted key that is previously stored and if they match then the server grants this user access.  If the server is compromised, the attacker will only be able to retrieve a collection of hashed keys instead of the actual password of the users.
== What is MD5? ==
== What is MD5? ==

Revision as of 04:32, 5 April 2009

Contents

Overview

A popular way of storing passwords for many websites, forums and other applications are through the use of MD5 hashing. When a user registers for a subscription and enters a password, that password is more than like passed through a MD5 hash function which outputs an encrypted key. This encrypted key is stored on a server, to keep a record of it for log in purposes. The next time the user tries to log in, they enter a password and this password is once again passed through the MD5 hash function and generates a temporary encrypted key. This temporary key is compared to the encrypted key that is previously stored and if they match then the server grants this user access. If the server is compromised, the attacker will only be able to retrieve a collection of hashed keys instead of the actual password of the users.

What is MD5?

MD5 is a way for computers/servers to store passwords after applying an algorithm to the original password so that they become encrypted. This method is applied so that if a host compromised, then the passwords will still be encrypted. MD5 hashing is still used in many applications such as websites and forums, so MD5 Rainbow tables are a serious security risk.


What are Rainbow Tables?

Rainbow tables are tables which contain a hashed key and the real password associated with the hashed key. This essentially makes a rainbow table a lookup table.



How it works

Since the MD5 algorithm is just one single function that transforms a password to an encrypted hashed key after passing an algorithm, one can make a complete table of all the different combination. The main key to using rainbow tables instead of cracking on the fly is that rainbow tables offer a time-memory tradeoff. Cracking on the fly may take a very long time with a much lower percentage of success. However, by having all the combination that are possible in a table, one can just compare the stolen hashed key to find a match in the table and they will have discovered the original password.



Time-Memory Tradeoff

Earlier time-memory tradeoff was introduced, so what is the time-memory tradeoff in using MD5 rainbow tables?



Personal tools