<< Click to Display Table of Contents >> Navigation: System and Data Recovery Programs > Proactive Password Auditor > How to work with the program > Password cracking > Rainbow attack |
The Rainbow attack is an implementation of the Faster Cryptanalytic Time-Memory Trade-Off method developed by Dr Philippe Oechslin. The idea is to generate the password hash tables in advance (only once), and during the audit/recovery process, look up the hash in these pre-computed tables. This process dramatically reduces the required time, especially for complex passwords. Due to the nature of this attack, some passwords may not be recovered; however, you may use rainbow tables with as high success probability as required.
To access Rainbow attack settings, switch the Attack type to Rainbow, and click on the Rainbow attack tab. Click on the Rainbow tables list button and browse for the tables for further attack (you can add several tables at once), remove the tables from the list, and move them up and down; when completed, press Close, and proceed with the attack itself.
The program also supports indexed rainbow tables that are available at http://www.freerainbowtables.com.
To create your own tables, press the Generate tables button.
LM and NTLM hash tables can be generated; see About Windows passwords for details on hash types.
Minimum and Maximum; typically, from 1 to 7 (to cover all password space for LM hashes). However, if you want to audit only the 6-character passwords (and second halves of passwords that are from 8 to 15 characters long), you can create more effective and still relatively small tables for length from 1 to 6.
Available choices:
•alpha: capital letters only (26)
•alpha-space: capital letters plus space character (27)
•alpha-numeric: capital letters plus digits (36)
•alpha-numeric-space: capital letters plus digits and space character (37)
•alpha-numeric-symbol14: capital letters, digits, and 14 most-common symbols: !@#$%^&*()-_+= (50)
•alpha-numeric-symbol14: capital letters, digits, space and 14 most-common symbols: !@#$%^&*()-_+= (51)
•all: capital letters, digits and 32 printable symbols including space (69)
Typical values are from 1000 to 10000. When this value is increased, you get better probability, but worse generation and cryptanalysis times.
Chain count affects the table size (and so disk space), table size, probability and generation time (but not cryptanalysis time).
Number of tables to generate, or indexes of tables if you distribute the table generation process across several computers. The more tables you have, the better success rate is achieved. For example, if one table gives a probability of 60% (0,6), two tables will give 1 - (1 - 0,6) * (1 - 0,6) = 0,84 (84%). With three such tables, the probability is already 1 - (1 - 0,6) ^ 3 = 0,936 (93,6%). But of course, the total space also increases dramatically.
Press Browse to select the folder to save generated tables to (before starting the generation process, please verify that there is enough free space there).
Once all parameters are selected, PPA immediately calculates the key space (the total number of passwords in the given range; actually, it depends only on the character set and password length), disk space (size of each table multiplied by number of tables), and success probability. You can also run a benchmark: press Start, and PPA calculates the speed of your computer on these operations, and so the table precomputation time, total precomputation time, and maximum cryptanalysis time.
There are some typical configurations (for LM hash type, length from 1 to 7; the time is calculated for Pentium 4 3.0GHz CPU) you can use, for example:
#1 |
#2 |
#3 |
#4 |
|
Charset |
alpha |
alpha-numeric |
alpha-num-sym14 |
all |
Chain length |
2,100 |
2,400 |
12,000 |
20,000 |
Chain count |
8,000,000 |
40,000,000 |
40,000,000 |
100,000,000 |
Tables |
5 |
7 |
13 |
20 |
Success rate |
99.9% |
99.9% |
99.9% |
99,3% |
Total space |
640 Mb |
4,480 Mb |
8,320 Mb |
32,000 Mb |
Max gen. time |
17h |
5d 14h |
52d |
332d |
Max analysis time |
7 s |
14 s |
11 m |
48 m |
For the last configuration (with a complete character set), the tables take about 32 gigabytes and required 369 days to generate, but with such tables, any password can be recovered in about an hour with a probability of 99,3% . Normally, it would take up to 3 weeks to recover such passwords using a brute-force attack.