Why is it called rainbow table?


Question


Anyone know why it is called rainbow table? Just remembered we have learned there is an attack called "dictionary attack". Why is it not called dictionary?

Recommended answer


Because it contains the entire "spectrum" of possibilities.


A dictionary attack is a brute-force technique of just trying possibilities. Like this (Python pseudocode)

def trypassword(password):
    ...  # check one candidate against the target (left abstract, as in the original)

# a word list (a small constructed one here) stands in for a dictionary file
mypassworddict = ["password", "letmein", "qwerty"]

for password in mypassworddict:
    trypassword(password)


However, a rainbow table works differently, because it's for inverting hashes. A high level overview of a hash is that it has a number of bins:

bin1, bin2, bin3, bin4, bin5, ...


Which correspond to binary parts of the output string - that's how the string ends up the length it is. As the hash proceeds, it affects differing parts of the bins in different ways. So the first byte (or whatever input field is accepted) input affects (say, simplistically) bins 3 and 4. The next input affects 2 and 6. And so on.


A rainbow table is a computation of all the possibilities of a given bin, i.e. all the possible inverses of that bin, for every bin... that's why it ends up so large. If the first bin value is 0x1 then you need to have a lookup list of all the values of bin2 and all the values of bin3 working backwards through the hash, which eventually gives you a value.


Why isn't it called a dictionary attack? Because it isn't.


As I've seen your previous question, let me expand on the detail you're looking for there. A cryptographically secure hash needs to be safe ideally from smallish input sizes up to whole files. To precompute the values of a hash for an entire file would take forever. So a rainbow table is designed on a small well understood subset of outputs, for example the permutations of all the characters a-z over a field of say 10 characters.


This is why password advice for defeating dictionary attacks works here. The more subsets of the whole possible set of inputs you put into your input for the hash, the more a rainbow table needs to contain to search it. The data sizes required end up stupidly big and so does the time to search. So, think about it:

  • If you have an input that is [a-z] for 5-8 characters, that's not too bad a rainbow table.
  • If you increase the length to 42 characters, that's a massive rainbow table. Each input affects the hash and so the bins of said hash.
  • If you throw numbers in to your search requirement [a-z][0-9] you've got even more searching to do.
  • Likewise [A-Za-z0-9]. Finally, stick in [\w] i.e. any printable character you can think of, and again, you're looking at a massive table.


So, making passwords long and complicated makes rainbow tables start taking Blu-ray sized discs of data. Then, as per your previous question, you start adding in salting and hash derived functions and you make a general solution to hash cracking hard(er).


The goal here is to stay ahead of the computational power available.
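The answer's two points, that a precomputed table has to cover the whole input space and that salting pushes the hash outside whatever was precomputed, can be checked directly. The following is an added example, not code from the answer or from any rainbow-table tool: it counts the keyspace for the character classes listed above, builds the crude "store every inverse" lookup table for a toy alphabet (SHA-256 is an assumed choice of hash; real rainbow tables compress the table with hash chains, but the dependence on keyspace size and on the absence of a salt is the same), and then shows that the same table inverts an unsalted hash and misses a salted one.

```python
import hashlib
import itertools
import os
import string


def keyspace_size(alphabet: str, min_len: int, max_len: int) -> int:
    """Number of distinct inputs of length min_len..max_len over `alphabet`.

    A complete precomputed table needs one entry per input, so this is the
    count the answer's bullet points are reasoning about.
    """
    n = len(alphabet)
    return sum(n ** length for length in range(min_len, max_len + 1))


def build_lookup_table(alphabet: str, max_len: int) -> dict:
    """Precompute digest -> plaintext for every input over `alphabet` up to max_len.

    This is the brute 'store every inverse' form of precomputation. It is only
    feasible here because the toy alphabet is tiny; the point is how quickly
    keyspace_size() makes it infeasible.
    """
    table = {}
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            plaintext = "".join(chars)
            table[hashlib.sha256(plaintext.encode()).hexdigest()] = plaintext
    return table


def hash_password(password: str, salt: bytes = b"") -> str:
    """Unsalted when salt is empty; otherwise the salt is mixed into the input.

    (Assumed scheme: sha256(salt || password). A real system would use a
    password-hashing function, which is the 'hash derived functions' step.)
    """
    return hashlib.sha256(salt + password.encode()).hexdigest()


def invert(table: dict, digest: str):
    """Return the plaintext the table holds for `digest`, or None if it's not covered."""
    return table.get(digest)


if __name__ == "__main__":
    # Keyspace growth for the character classes listed in the answer.
    for label, alphabet, lo, hi in [
        ("[a-z] 5-8", string.ascii_lowercase, 5, 8),
        ("[a-z0-9] 5-8", string.ascii_lowercase + string.digits, 5, 8),
        ("[A-Za-z0-9] 5-8", string.ascii_letters + string.digits, 5, 8),
        ("[a-z] 42", string.ascii_lowercase, 42, 42),
    ]:
        print(f"{label:18s} {keyspace_size(alphabet, lo, hi):.3e} inputs")

    # Constructed toy table: 3-letter alphabet, lengths 1..3, i.e. 39 entries.
    table = build_lookup_table("abc", 3)
    print("unsalted 'cab' ->", invert(table, hash_password("cab")))
    salt = os.urandom(16)  # per-user random salt, as the answer recommends
    print("salted   'cab' ->", invert(table, hash_password("cab", salt)))
```

The unsalted lookup returns "cab" immediately; the salted lookup returns None because the table was built for inputs without the salt, and a fresh table would be needed per salt value. The keyspace printout shows the same thing the bullets describe: widening the alphabet or lengthening the input multiplies the number of entries a complete table must hold.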
