L3arn3r Posted December 25, 2014

I recently went through the archive thread where (digip), a user of this forum, spoke about WPA tables to crack WPA, so I would appreciate it if anyone or (digip) could explain more about it.

https://forums.hak5.org/index.php?/topic/15382-wpa-wpa2-security/

cooper Posted December 26, 2014 (edited)

The magic word you're looking for is Rainbow Table, which you can consider a reverse-lookup table.

Let's assume some idiot wrote insecure forum software that allowed an outside attacker to acquire the contents of the USERS table which, for each user, includes the login name and the MD5 hash of their password. This outside attacker can take a big wordlist of commonly used passwords, compute the MD5 of each and see if the MD5 produced matches any of the hashes from the table's contents (this is the Dictionary attack).

If the attacker only does this once, fair enough. But if this attacker regularly repeats this Dictionary attack on multiple sources, his machine is going to spend an awful lot of time computing the same MD5 hashes. A more efficient way is for the attacker to compute all the hashes for his wordlist once and keep track of each hash and the password that is associated with it. It requires more storage space, but the attacker can now take the hash of any account like, say, 'admin' and do a quick look-up to see if he's got a hash for a password that matches the one registered. It might very well be that this password is NOT the actual password of the admin, but since the produced hash is the same, the software won't care.

This lookup table is called a Rainbow Table, and the way I explained it here is the most basic version. There are alternatives for specific hash types where the hashing algorithm can be split up into multiple distinct steps and the rainbow table also retains these intermediate results, because if you get the same intermediate result for this step using another password, it can help drastically reduce the keyspace, since you know the math that comes after this point will be the same for both passwords.

Edited December 26, 2014 by Cooper
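
The reverse lookup described in the post above, as an added example that is not part of the original thread: a hash-to-password table is built once and reused against two unrelated USERS tables. The wordlist, account names and tables are constructed sample data, and `salted_record` goes beyond the post to show the standard countermeasure (a per-user random salt with PBKDF2), which makes a table computed in advance useless.

```python
import hashlib
import os

# Constructed sample data: a tiny wordlist and two unrelated USERS tables.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]


def md5_hex(password):
    """Unsalted MD5, as stored by the insecure forum software in the post."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(wordlist):
    """Hash every candidate once and map hash -> password (reverse lookup)."""
    return {md5_hex(word): word for word in wordlist}


def recover(users, lookup):
    """Return {login: password} for each stored hash present in the table."""
    return {login: lookup[h] for login, h in users.items() if h in lookup}


def salted_record(password, salt=None):
    """Hardened storage: random per-user salt plus a slow KDF (PBKDF2)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex(), digest.hex()


SITE_A = {"admin": md5_hex("letmein"), "bob": md5_hex("Tr0ub4dor&3")}
SITE_B = {"carol": md5_hex("letmein"), "dave": md5_hex("dragon")}

LOOKUP = build_lookup(WORDLIST)  # computed once, reused for every table

if __name__ == "__main__":
    # Unsalted MD5: identical passwords give identical hashes on every site,
    # so one table resolves accounts in both dumps without rehashing.
    print(recover(SITE_A, LOOKUP))
    print(recover(SITE_B, LOOKUP))
    # Salted: the same password yields a different stored value per user,
    # and neither value appears in the precomputed table.
    (_, d1), (_, d2) = salted_record("letmein"), salted_record("letmein")
    print(d1 != d2, d1 in LOOKUP)
```

Only `bob`, whose password is not in the wordlist, survives the lookup on the unsalted tables; with salted records every account would have to be attacked separately.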