WEBVTT

0
00:02.310 --> 00:09.720
In this lecture we'll discuss rainbow tables! As we've already seen passwords are normally stored

1
00:09.840 --> 00:18.470
in one-way hashes. When a password is created the user types the password in so-called "plain text"

2
00:18.700 --> 00:20.740
or "clear text" form.

3
00:20.740 --> 00:28.660
Then the computer calculates and then stores a one-way hash of the password so that no one, not even

4
00:28.720 --> 00:34.860
the admin could see the clear text password. For example

5
00:34.880 --> 00:44.200
this is the hash of the password of User 1. Hashes are made to be one way, which means they cannot be

6
00:44.200 --> 00:46.270
reversed or in simple words

7
00:46.300 --> 00:52.510
if you have the hash you cannot find out from what password was the hash generated.

8
00:52.510 --> 00:56.180
A hacker has to crack those hashes.

9
00:56.250 --> 01:02.890
Normally when someone cracks a password hash he generates the hash from a word,

10
01:02.900 --> 01:06.210
then compares it to see if there is a match.

11
01:06.330 --> 01:09.110
If there is, the word is the password.

12
01:09.420 --> 01:13.530
If not, the hacker will repeat this operation.

13
01:13.560 --> 01:20.180
This proves to be really time consuming; it can take days, weeks or even years

14
01:20.550 --> 01:28.610
if we are dealing with a strong password. Rainbow tables on the other hand are based on the principle

15
01:28.700 --> 01:31.400
of a time-memory tradeoff.

16
01:31.400 --> 01:39.560
This means that hashes are pre-generated by a computer and stored in a large rainbow table file with

17
01:39.680 --> 01:49.040
all of the hashes and words that correspond to them. A rainbow table can be thought of like a dictionary.

18
01:49.120 --> 01:56.530
It holds combinations of characters on one side and their hashed form on the other.

19
01:56.630 --> 02:04.090
Rainbow table cracking can greatly reduce the amount of time it takes to crack a password hash.

20
02:04.090 --> 02:10.050
Plus you can keep the tables so you only have to generate them once.

21
02:10.120 --> 02:17.710
The downside of using rainbow tables is that it takes a very long time to generate them and occupies

22
02:17.860 --> 02:23.080
a lot of storage; but once they are generated they can be easily used.

23
02:24.090 --> 02:32.140
There are a lot of rainbow tables available on the Internet, both free or not.

24
02:32.160 --> 02:39.960
For example you can find a lot of rainbow tables that are free to download at freerainbowtables.

25
02:39.960 --> 02:49.910
com. Each rainbow table is for a specific hash algorithm and we notice how much space they require.

26
02:49.950 --> 02:59.830
For example the rainbow table for all alphanumeric passwords, with a length of 1 to 9, occupies 1 terabyte.

27
03:00.090 --> 03:07.910
The hash algorithm is md5, which is by the way an old and obsolete hashing protocol.

28
03:08.130 --> 03:17.470
If they would use a new protocol like sha512 the size of the rainbow tables would be much larger.

29
03:17.570 --> 03:25.240
Another interesting website is crackstation.net. CrackStation uses massive precomputed lookup

30
03:25.240 --> 03:34.190
tables to crack password hashes; CrackStation lookup tables were created by extracting every word from

31
03:34.190 --> 03:40.960
the Wikipedia databases and adding it to every password list they could find.

32
03:41.090 --> 03:49.550
They also applied intelligent word mangling or brute force hybrid to those word lists to make them

33
03:49.580 --> 03:59.540
much more effective; only for md5 and sha1 hashes the rainbow table is one 190 gigabytes.

34
03:59.570 --> 04:09.230
It also supports a lot of hashing algorithms. The old ones like md5 and sha1, but also new ones

35
04:09.560 --> 04:14.890
like sha256 and sha512. Let's 

36
04:15.110 --> 04:25.020
see how it works. I suppose that the user sets his password as being "apple" and uses md5 as the hash

37
04:25.080 --> 04:25.740
algorithm.

38
04:26.810 --> 04:33.700
Using this online tool I'm selecting md5 and the password "apple".

39
04:33.980 --> 04:38.030
This is its hash that will be stored in a file.

40
04:38.210 --> 04:41.580
I'll paste the hash in crackstation.net.

41
04:46.140 --> 04:49.860
Another user has as password "greenapple".

42
04:49.980 --> 05:01.800
It's calculated using sha1 index stronger having a length of 10 characters so "greenapple". I'll paste

43
05:01.860 --> 05:03.480
the hash in crack station.

44
05:08.540 --> 05:12.940
Let's see the hash of the third password, which is "marverde", 

45
05:13.010 --> 05:15.780
which means green apple in Romanian.

46
05:15.920 --> 05:24.030
I'll select another hash algorithm sha256 marverde.

47
05:24.520 --> 05:28.560
I'm copying the hash and then pasting it in CrackStation;

48
05:34.180 --> 05:36.530
and the last one, a stronger one,

49
05:36.560 --> 05:44.680
let's say, special player, using a very strong algorithm like sha512. I'm selecting the

50
05:44.740 --> 05:48.400
hash algorithm: specialplayer.

51
05:48.550 --> 05:53.430
You can see that its hash is much larger.

52
05:53.470 --> 05:57.770
I am pasting it here; let's crack them!

53
05:57.770 --> 06:00.980
I'm not a robot and crack

54
06:01.010 --> 06:12.800
hashes; wow, we noticed that all passwords have been cracked: the hash, the algorithm and the password.

55
06:14.100 --> 06:22.140
Their hashes were already in the rainbow tables of crackstation.net and the application only

56
06:22.140 --> 06:26.330
searched for those hashes which was a simple operation.

57
06:27.420 --> 06:35.180
Now if a user takes security seriously and sets a strong password it won't be cracked so easily.

58
06:35.220 --> 06:43.680
Let's try a password with a length of at least 10 characters, both lower and uppercase letters, digits

59
06:43.890 --> 06:48.340
and special characters.

60
06:48.350 --> 06:50.530
This is a strong password.

61
06:50.600 --> 06:55.470
It has a length of 10 characters; let's try to crack it.

62
07:06.510 --> 07:08.040
It couldn't be cracked.

63
07:09.450 --> 07:10.200
OK.

64
07:10.280 --> 07:17.570
That's all about rainbow tables for the moment. In the next lectures I'll show you how to generate your

65
07:17.570 --> 07:21.730
own rainbow tables and how to try to crack hashes

66
07:21.830 --> 07:23.870
using the generated tables.