I know how to use rainbow tables. I've already read the other questions on this topic here.

Well, but there is still one question left. As an attacker, I usually have a hash value of a password, and everything I read says that you have to start at the end of a chain and then apply the reduction function, the hash function and so on, until you find the given hash value.

Another way to get the password could be to start with the plaintext, calculate the hash, and reduce the hash until I find my given hash value. So there is no need to reconstruct the complete chain.

Why do I have to start with a hash value and not with a plaintext?

Adi
MrX
  • So, what's your question? – Adi Dec 04 '13 at 16:11
  • Why do I have to start with a hash value and not with a plaintext? – MrX Dec 04 '13 at 16:11
  • I've included that in your original question. Please make sure to always clarify your questions so you'd have a better chance of getting them answered. – Adi Dec 04 '13 at 16:13

1 Answer

Rainbow tables and hash tables pre-calculate password hash data. The point of them is to greatly reduce the time it takes to recover passwords by using computing resources before they are needed.

I'm not sure what you mean by start with a hash value, so here are multiple answers:

  • You may be asking why you match a pre-calculated hash to a target hash, rather than looking at the password possibilities first. If you are talking rainbow tables then you cannot pick a specific list of plaintext values to try; that's not how rainbow tables work. With hash tables, if you want to find out the password for a given hash, the most efficient way to do it is to do a db lookup on it. If you were looking for specific passwords in a list of hashes then you could limit the lookup to specific password plaintext; in my view that would be a bit pointless.
  • If you are talking about calculating hashes and comparing them to hashed passwords then you are describing a completely different technique, either a brute force or dictionary attack. If you have rainbow tables and hash tables that would be a complete waste of time, kind of like turning a speedboat's engines off and using oars instead.
GdD
  • Thank You. The first point was the one I was looking for! – MrX Dec 04 '13 at 16:39
  • Ummm, no. This answer contains some inaccuracies. Please have a look at ["What are rainbow tables and how are they used?"](http://security.stackexchange.com/questions/379/what-are-rainbow-tables-and-how-are-they-used) for a better understanding of what rainbow tables actually are. – Adi Dec 04 '13 at 17:03
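The lookup the question refers to, as an added example that is not part of either post: the table keeps only each chain's start and endpoint, so the target hash is reduced and hashed forward to an endpoint, and a chain is rebuilt from its stored start only when that endpoint is in the table. MD5, the 4-digit PIN keyspace, the reduction function and all names are assumptions made for this sketch.

```python
import hashlib

# Assumptions for this sketch: MD5 as the hash, 4-digit PINs as the keyspace,
# and a toy reduction function. All names here are hypothetical.
N = 10_000          # keyspace size: PINs "0000".."9999"
CHAIN_LEN = 50      # hash/reduce steps per chain
NUM_CHAINS = 400    # chains generated (chains with a duplicate endpoint are dropped)

def H(pin: str) -> str:
    return hashlib.md5(pin.encode()).hexdigest()

def R(digest: str, col: int) -> str:
    """Column-dependent reduction: map a hash back into the keyspace."""
    return f"{(int(digest[:8], 16) + col) % N:04d}"

def walk(pin: str, start_col: int = 0):
    """Yield (column, plaintext) from start_col up to the chain's endpoint."""
    for col in range(start_col, CHAIN_LEN):
        yield col, pin
        pin = R(H(pin), col)
    yield CHAIN_LEN, pin   # endpoint

def build_table() -> dict:
    """Keep only endpoint -> start; the middle of each chain is discarded."""
    table = {}
    for k in range(NUM_CHAINS):
        start = f"{(k * 25) % N:04d}"
        *_, (_, end) = walk(start)
        table.setdefault(end, start)   # first chain to reach an endpoint wins
    return table

def lookup(table: dict, target: str):
    """Start from the target hash: guess its column, finish the chain, and
    rebuild a chain from its start only when the endpoint is in the table."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        *_, (_, end) = walk(R(target, col), col + 1)
        start = table.get(end)
        if start is None:
            continue
        for _, pin in walk(start):     # regenerate the discarded middle
            if H(pin) == target:
                return pin
        # otherwise a false alarm (merged chains); try the next column
    return None
```

Starting from plaintexts instead would mean regenerating every chain for each lookup, which is the same work as building the table again.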