RAR passwords: why don't rainbow tables work?

Published 2024-09-25 11:28:13 · 1549 words · 8 views · 0 comments


Comments (4)

屋顶上的小猫咪 2024-10-02 11:28:13

A rainbow table is an optimization for inverting hash functions: finding the password when all you have is its hash. Although this is not strictly necessary here, I recommend reading What are rainbow tables and how are they used? which has a very good explanation that clears up a few common misconceptions.

There are two parts to RAR encryption (or just about anything that uses a password to encrypt some data). First, an encryption key is derived from the password, using a key derivation function (KDF). Then the encryption key is used to encrypt or decrypt the data.

Even if the KDF is a hash function, a rainbow table wouldn't help: the attacker does not have the output of the KDF. When a password is used for authentication, the output of the KDF is what's stored in the database. When a password is used for encryption, the output of the KDF is the secret key, which is what the attacker is after.

In any case, rainbow tables only help against unsalted hashes. WinRAR uses a good KDF (PBKDF2) which includes a salt.

A KDF transforms a variable-length string into a fixed-size key. A key property of a KDF is that it must map distinct input strings to distinct keys. A cryptographic hash function (SHA-1, SHA-256, …) achieves this. When the input string is a human-provided password, there are two other important properties which a hash function does not achieve on its own:

  • If two people choose the same password, they must not end up having the same key.
  • The KDF must be slow to compute, so that an attacker cannot find the password by brute force.

A salt achieves the first property. The second property is achieved by doing something like this: take the password, append the salt, hash the lot; take this hash, append the salt, hash the lot; repeat many times.

A rainbow table is an optimization to compute preimages through “one-way” functions: functions that are easy to compute in one direction but nigh-impossible to invert, i.e. given x it is easy to compute y=f(x) but given y there is no known method to find x such that y=f(x) other than somehow guessing x and checking. Hash functions are like this. Encryption with a symmetric key is not like this: the attacker cannot compute f any more than he can compute its inverse. Hence rainbow tables cannot help with breaking symmetric encryption.
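To make the two-part structure (slow salted KDF, then a symmetric cipher) concrete, here is an added Python example. It is not from the answer above and it is not WinRAR's code or file format. It uses the standard library's PBKDF2-HMAC-SHA256 as the KDF, also implements the literal "hash, append salt, hash again" loop the answer describes, and uses an HMAC-SHA256 counter-mode keystream as a stand-in for AES so that it runs offline. The iteration count, the DEMO-ARCHIVE header used as a known-plaintext check, and the wordlist are all constructed for the demo. What it shows: two archives with the same password get different keys because of the per-archive salt, the attacker never sees the KDF output, and the only route in is one full KDF run per guess, each tested against the ciphertext.

```python
"""Added demo: password-based encryption = slow salted KDF + symmetric cipher.
Constructed for illustration; not WinRAR's format. The cipher is an
HMAC-SHA256 keystream stand-in for AES so only the standard library is needed."""
import hashlib
import hmac
import os

ITERATIONS = 100_000          # assumed illustrative work factor, not WinRAR's real parameter
HEADER = b"DEMO-ARCHIVE\x00"  # constructed known-plaintext marker; lets decrypt() detect a wrong key


def iterated_hash_kdf(password: str, salt: bytes, rounds: int) -> bytes:
    """The construction the answer describes: hash(password||salt), then
    hash(previous||salt), repeated `rounds` times. Shown for illustration only;
    derive_key() below uses the standardized PBKDF2 instead."""
    h = hashlib.sha256(password.encode("utf-8") + salt).digest()
    for _ in range(rounds - 1):
        h = hashlib.sha256(h + salt).digest()
    return h


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: salted and deliberately slow. This output is the
    secret key; the attacker never gets to see it, so there is nothing to look up."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: counter-mode keystream from HMAC-SHA256, XORed
    with the data (encrypt and decrypt are the same operation). Without `key`
    an attacker can neither compute this function nor invert it."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def encrypt(password: str, plaintext: bytes, iterations: int = ITERATIONS) -> bytes:
    """Fresh random salt and nonce per archive; layout is salt || nonce || ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(password, salt, iterations)
    return salt + nonce + keystream_xor(key, nonce, HEADER + plaintext)


def decrypt(password: str, blob: bytes, iterations: int = ITERATIONS):
    """Returns the plaintext, or None when the derived key is wrong (header check fails)."""
    salt, nonce, body = blob[:16], blob[16:32], blob[32:]
    key = derive_key(password, salt, iterations)
    data = keystream_xor(key, nonce, body)
    if not hmac.compare_digest(data[:len(HEADER)], HEADER):
        return None
    return data[len(HEADER):]


def brute_force(blob: bytes, candidates, iterations: int = ITERATIONS):
    """The only attack route: run the slow KDF once per guess and test the result
    against the ciphertext. Returns (password, kdf_runs) or (None, kdf_runs)."""
    for n, guess in enumerate(candidates, 1):
        if decrypt(guess, blob, iterations) is not None:
            return guess, n
    return None, len(candidates)


if __name__ == "__main__":
    archive_a = encrypt("hunter2", b"secret report")
    archive_b = encrypt("hunter2", b"another file")
    # Property 1 from the answer: same password, different salt -> different key.
    print("keys differ:", derive_key("hunter2", archive_a[:16]) != derive_key("hunter2", archive_b[:16]))
    # Property 2: every guess costs a full KDF run; nothing can be precomputed across archives.
    wordlist = ["password", "123456", "letmein", "hunter2", "qwerty"]  # constructed wordlist
    print("brute force:", brute_force(archive_a, wordlist))
```

Because the salt is random per archive, a table of `derive_key` outputs built for one archive is useless for the next one, and even a correct key cannot be "looked up" from the ciphertext, since without the key the cipher is not computable in either direction.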

小霸王臭丫头 2024-10-02 11:28:13

Rainbow tables are used to decode hashes, not encryption. A rainbow table is just a list of precomputed hashes for some set of possible inputs.

So if you pre-compute the hash for every possible Windows password, when you want to recover an unknown password, all you need is the hash from the SAM database; then look it up in the rainbow table. The rainbow table then gives you a password which will correspond to that hash. This is complicated by password salt, but that's the basic idea.

Rainbow tables don't help with breaking encryption. Theoretically you could pre-compute all possible ciphertext for all possible keys and all possible plaintext input, but you'd probably require more bits to store this data than there are atoms in the universe, not to mention that those atoms would probably have boiled away to nothing before you get there. It would be quicker (albeit still prohibitively slow) just to brute-force the key.
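As an added example (constructed for this thread, not from the answer above), here is a miniature rainbow table in Python. It builds chains that alternate SHA-1 with a column-dependent reduction function over a 64-password toy alphabet and stores only chain endpoints, which is what distinguishes a rainbow table from the plain "precomputed list" description. Looking up an unsalted hash regenerates the chain and recovers the password; looking up a salted hash of the very same password returns nothing, because the salt turns H into a different function from the one the table was built for. The alphabet, chain length and start-point spacing are chosen so the demo runs instantly.

```python
"""Added demo: a toy rainbow table over unsalted SHA-1 (constructed, tiny parameters)."""
import hashlib
import itertools

ALPHABET = "abcd"                 # toy alphabet; real tables cover vastly larger spaces
LENGTH = 3                        # 4**3 = 64 possible passwords
SPACE = len(ALPHABET) ** LENGTH
CHAIN_LEN = 6                     # hashes per chain
STEP = 3                          # keep every 3rd password as a chain start (less storage than the full space)


def all_passwords():
    return ["".join(p) for p in itertools.product(ALPHABET, repeat=LENGTH)]


def H(pw: str, salt: bytes = b"") -> bytes:
    """The one-way function the table inverts. A non-empty salt models a salted scheme."""
    return hashlib.sha1(salt + pw.encode("utf-8")).digest()


def R(digest: bytes, col: int) -> str:
    """Reduction: map a digest back into the password space. Mixing in the column
    index gives each column its own reduction, which is what makes the table a
    *rainbow* table rather than a single hash chain."""
    n = (int.from_bytes(digest[:8], "big") + col) % SPACE
    chars = []
    for _ in range(LENGTH):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def build_table(starts, chain_len: int = CHAIN_LEN):
    """Precomputation: walk each chain start -> H -> R_0 -> H -> R_1 ... and keep
    only endpoint -> [starts]. Intermediate hashes are discarded."""
    table = {}
    for start in starts:
        pw = start
        for col in range(chain_len):
            pw = R(H(pw), col)
        table.setdefault(pw, []).append(start)
    return table


def lookup(table, target: bytes, chain_len: int = CHAIN_LEN):
    """Recover a preimage of `target` or None. Assume the target sits in column i,
    finish that chain to its endpoint, then regenerate any matching chain and
    verify (which also rejects false alarms from reduction collisions)."""
    for i in range(chain_len - 1, -1, -1):
        x = R(target, i)
        for col in range(i + 1, chain_len):
            x = R(H(x), col)
        for start in table.get(x, ()):
            pw = start
            for col in range(chain_len):
                if H(pw) == target:
                    return pw
                pw = R(H(pw), col)
    return None


def coverage(table, chain_len: int = CHAIN_LEN) -> float:
    """Fraction of the password space the table can actually invert."""
    pws = all_passwords()
    hits = sum(1 for p in pws if lookup(table, H(p), chain_len) is not None)
    return hits / len(pws)


def all_answers_correct(table, chain_len: int = CHAIN_LEN) -> bool:
    """Every non-None answer must really be a preimage of the queried hash."""
    return all(lookup(table, H(p), chain_len) in (None, p) for p in all_passwords())


TABLE = build_table(all_passwords()[::STEP])

if __name__ == "__main__":
    print("stored endpoints:", len(TABLE), "of", SPACE, "passwords")
    print("coverage:", coverage(TABLE))
    print("unsalted lookup:", lookup(TABLE, H("bca")))
    print("salted lookup:  ", lookup(TABLE, H("bca", salt=b"\x01")))   # None: different function
```

The salted lookup fails for the same reason an encrypted RAR is out of reach: the table was built for one specific function H, and changing the salt (or replacing H with a keyed cipher) means none of the stored chains were ever computed through the function the attacker now faces.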

雾里花 2024-10-02 11:28:13

Rainbow tables help recover plaintext content from a hash generated by a cryptographic hash function, but RAR files use AES encryption for the file data and headers. It's a different kind of animal.

流星番茄 2024-10-02 11:28:13

An easy way to beat a rainbow table for hashed passwords is to use a salt. I'm not familiar with the encryption in RAR files, but the Wikipedia page says RAR3 uses a badass encryption scheme (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
