I recently got interested in rainbow tables and downloaded RainbowCrack to generate some tables.
I'm wondering if anyone here knows a way to calculate what values to set the chain length and the number of chains to in order to generate a so-called perfect rainbow table, depending on the length of the plaintexts and what charset is chosen.
I've tried to find a method for this myself but have not succeeded. I've even read the paper by the creator (http://lasec.epfl.ch/pub/lasec/doc/Oech03.pdf), but to no avail.
Increasing the chain length means you have fewer chains, so you're going to need less total storage space for the rainbow tables, but the time it takes to crack the hash will increase (to the square of the chain length). As the Hellman article says, it's a time/memory trade-off; defining the chain length adjusts that trade-off because decreasing the size of the chain increases the file size but exponentially decreases the required crack time.
You can use a rainbow table calculator to find the best time/memory trade-off for what you are trying to do: http://www.tobtu.com/rtcalc.php
Having a "Perfect" rainbow table actually means that you have no duplicate or merged chains. So you can still have a table with a 99.9% success rate with a good time/memory trade-off that is not "Perfect"... It will just be slower.
Thank you so much for that calculator, it was quite hard to try and figure those things out by myself and then having to generate what I thought would be a 99% accurate table, then search for 500+ strings of randomly generated data to get a representation of how accurate it is and then be wrong and then repeat said process.
I already knew what impact the chain length and amount of chains had on the size and cryptanalysis time but it sure is easier doing it there though.
Just a couple questions though:
How come total success rate says 99% but table success rate is only at 82%?
What is the "tables" value? Is that the table_index value in RainbowCrack? Which, if I've understood correctly, chooses which reduction function to use, so you would run the same command multiple times but with different reduction functions to get in as many solutions as possible without overlapping?
What's the "step generation" value?
It was nice to see that I was right about/understood quite a bit, and again thanks for the calculator!
^You can check the exact commands needed to generate some example tables. So you can check your work there. For example, if you run the commands for the MD5 tables for a 1-8 character plaintext, you should end up with a 160GB .rtc with a 99.9% success rate. You can use those examples to get a general idea of how your results should turn out.
With that being said, the inputs on that calculator are confusing. The "step generation" is actually the number of different files you are splitting each table into, which is the last argument in the generator command, and helps lower total computation time for the tables. The "Tables" value is the number of different "Table Index" values that you set, so it is the number of different reduction functions. The 99.9% is indicating the total success rate of all the tables, the smaller % is the chance each individual table has.
Because a rainbow table is a compressed collection of prehashed values, and modern crypto storage uses randomized salts, you actually would do better to string together several GPUs and do a bruteforce attack, most of the time. Rainbow tables are certainly interesting and useful to learn cryptography concepts with, but arguably it doesn't make sense to trade off memory for time in this way. Using a little bit of social engineering or "Soft" attack vector preparation (setting up a dictionary customized for the attack, etc.) and then bruteforcing will probably work better than rainbow tables most of the time, for most use-cases.
Yeah, I checked those examples on the site multiple times, but those commands were far from optimal in my scenario. The lab computer at school that I'm doing this on REALLY didn't like chain_length set to 90 000; it took a really long time to search through it, which is why I didn't use the commands on their site.
I only did this because I heard of rainbow tables listening to some blackhat talk and thought it was really interesting and wanted to learn more about it. I'm aware that salts are used and that rainbow tables are basically useless if the hash was made with a salt. I was just really fascinated by rainbow tables and wanted to learn more about them.
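The gap between per-table and total success rate discussed in the replies above, worked through as an added example (not code from any poster, RainbowCrack or the linked calculator). It uses the success-probability formula from the Oechslin paper linked in the first post and assumes the tables are independent; the function names and demo parameters are constructed.

```python
import math

def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """N: number of plaintexts of every length min_len..max_len."""
    return sum(charset_size ** k for k in range(min_len, max_len + 1))

def table_success(n: int, chains: int, chain_len: int) -> float:
    """Oechslin's estimate for one (not necessarily perfect) table:
    P = 1 - prod_{i=1..t} (1 - m_i/N), m_1 = m, m_{i+1} = N(1 - e^{-m_i/N}).
    m_i is the expected number of distinct points left in column i after
    merges, which is why adding chains gives diminishing returns."""
    if not 0 < chains <= n or chain_len < 1:
        raise ValueError("need 0 < chains <= n and chain_len >= 1")
    m_i = float(chains)
    miss = 1.0
    for _ in range(chain_len):
        miss *= 1.0 - m_i / n            # hash not covered by this column
        m_i = n * (1.0 - math.exp(-m_i / n))
    return 1.0 - miss

def total_success(p_table: float, tables: int) -> float:
    """Several tables with different reduction functions (table_index):
    the lookup fails only if every table misses."""
    return 1.0 - (1.0 - p_table) ** tables

def tables_needed(p_table: float, target: float) -> int:
    """Smallest number of tables whose combined rate reaches target."""
    if not (0.0 < p_table < 1.0 and 0.0 < target < 1.0):
        raise ValueError("rates must be strictly between 0 and 1")
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - p_table))

if __name__ == "__main__":
    # Constructed demo values: lowercase letters, 1-6 characters.
    n = keyspace(26, 1, 6)
    p = table_success(n, chains=400_000, chain_len=2_000)
    print(f"N = {n}, one table: {p:.1%}")
    for count in range(1, 5):
        print(f"{count} table(s): {total_success(p, count):.2%}")
    # The figures from the thread: 82% per table.
    print("tables for 99% at 82% each:", tables_needed(0.82, 0.99))
```

With a per-table rate of 82%, three independent tables already give about 99.4% combined, which is how a calculator can show a low table success rate next to a high total success rate.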
Thank you very much for your help, I should have everything I need now.
Also, pyrit is generally the best if you have the space because it can store all the information in a nice database and attack a handshake. That being said, do it on your own network. If you don't want to, you can use cowpatty or aircrack, but pyrit is way faster. Also, you will definitely want to increase the chain length if you're low on space. Kali Linux by far has the best support for pyrit overall because it is in the PPAs and you can install the NVIDIA toolkit or CALPP app easily.