On Wed, Jul 24, 2013 at 9:53 AM, Jim Henderson
On Wed, 24 Jul 2013 09:07:49 -0400, Greg Freemyer wrote:
On Wed, Jul 24, 2013 at 12:48 AM, Jim Henderson
wrote: On Tue, 23 Jul 2013 23:14:32 -0400, Greg Freemyer wrote:
If people use a relatively short password, a rainbow attack is not significantly slowed down by strong encryption, no matter how strong it is.
It is if you salt the password, which eDirectory has done for years.
Rainbow tables are rendered completely useless by salting the password with an effective algorithm.
Jim,
I should know the answer to this, but if that is true why can so many systems be attacked via rainbow tables?
My multiple choice answers (guesses):
- They didn't setup a salt value at all
- Often in mass produced software like MS Windows, a single salt value is used for the entire install base, so the bad guys can build a rainbow table on one box, but use it millions of places.
- Other
I don't know for certain, but I know not all crypto systems use salt values. It does increase the complexity of the algorithm, so I'd guess it's a trade-off of different features.
I can tell you that for something like BitLocker (which is full disk encryption that comes with certain releases of Windows Vista, and all editions of Windows 7/8), they do use salt in the encryption algorithm. I was recently working on a project for a client where that was germane to the work I was doing.
To my knowledge, Windows doesn't use a single salt value across all installations (that would kinda defeat the purpose, and while I know that liking Windows isn't a popular thing in Linux communities, perpetrating false information about Windows also isn't a goo thing to do, either. We can compare on the merits without making stuff up. ;) )
Jim
I can say with confidence that at least one form of Windows XP authentication is attackable via rainbow tables (LM - Lan Manager). That version actually breaks the maximum length 14 char password into 2 7-char pieces and keeps the 2 hashed tokens in the SAM (Security Access Manager) database. Because of the way they break it up, cracking the LM authentication system just requires cracking the maximum complexity of 2 7-char passwords. Rainbow tables exist for that authentication system, so a good hacker can crack those passwords in short order once they get the SAM database. You can get the LM hash rainbow tables for free from ophcrack: http://ophcrack.sourceforge.net/tables.php Notice the almost 100% success rate on that page for LM hashes (That's the Lan Manager authentication system hashes). They do restrict the character set of what is used to create the rainbow tables, so you can see they have a separate table for German characters. Then note that further down on the same page they have rainbow tables for Vista / Win7 systems (NT Hashes) Those don't have the 7-char segment issue, so successful rainbow table attack is lower. You can see they have free tables that will crack simple/low character count passwords. Then they sell more comprehensive rainbow tables for Vista / Win7 lower down on the page. Back to SALT. My question in part is why are there rainbow tables available for attacking Windows LM and NT based authentication systems if rainbow tables can be made useless by simply applying a SALT parameter. Is it that Microsoft uses a common SALT for all LM based systems and also uses a common SALT for all NT based authentication systems? fyi: I do have other places I can go ask this. I only asked it here because you implied rainbow table based attacks are easily overcome by using a SALT, whereas I know that rainbow table based attacks are heavily used by bad guys, so I felt an implied contradiction between what I knew and what you said. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org