What exactly is a rainbow attack?


Question

I was reading a few articles on salts and password hashes and a few people were mentioning rainbow attacks. What exactly is a rainbow attack and what are the best methods to prevent it?

Recommended answer

The Wikipedia article is a bit difficult to understand. In a nutshell, you can think of a Rainbow Table as a large dictionary with pre-calculated hashes and the passwords from which they were calculated.

The difference between Rainbow Tables and other dictionaries is simply in the method by which the entries are stored. The Rainbow Table is optimized for hashes and passwords, and thus achieves great space optimization while still maintaining good look-up speed. But in essence, it's just a dictionary.

When an attacker steals a long list of password hashes from you, he can quickly check if any of them are in the Rainbow Table. For those that are, the Rainbow Table will also contain what string they were hashed from.

Of course, there are just too many hashes to store them all in a Rainbow Table. So if a hash is not in the particular table, the hacker is out of luck. But if your users use simple English words and you have hashed them just once, there is a large possibility that a good Rainbow Table will contain the password.
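
An added illustration, not part of the original answer: a toy table showing the storage method the answer describes (only the two ends of each hash chain are kept) and why a per-user salt, which the question asks about, makes the precomputed table useless. The 4-digit PIN keyspace, the use of SHA-256, the salt value and all function names are assumptions made for this example.

```python
import hashlib

KEYSPACE = 10_000   # constructed toy keyspace: 4-digit PINs, so this runs instantly
CHAIN_LEN = 50      # hashes per chain; only each chain's two ends are stored

def h(pw: str, salt: bytes = b"") -> bytes:
    """One round of SHA-256, i.e. the 'hashed just once' scheme (optionally salted)."""
    return hashlib.sha256(salt + pw.encode()).digest()

def reduce_to_pin(digest: bytes, step: int) -> str:
    """Map a digest back into the keyspace, with a different mapping per column."""
    return f"{(int.from_bytes(digest[:8], 'big') + step) % KEYSPACE:04d}"

def build_table(starts):
    """Return {chain end: [chain starts]}; the passwords in between are discarded."""
    table = {}
    for start in starts:
        pw = start
        for step in range(CHAIN_LEN):
            pw = reduce_to_pin(h(pw), step)
        table.setdefault(pw, []).append(start)
    return table

def lookup(table, target: bytes):
    """Return the PIN whose unsalted hash is `target`, or None if no chain covers it."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_to_pin(target, pos)          # guess: target sits in column `pos`
        for step in range(pos + 1, CHAIN_LEN):   # walk on to that chain's end
            pw = reduce_to_pin(h(pw), step)
        for cand in table.get(pw, []):           # known end: replay from its start
            for step in range(CHAIN_LEN):
                if h(cand) == target:            # rejects false alarms from merges
                    return cand
                cand = reduce_to_pin(h(cand), step)
    return None

STARTS = [f"{i:04d}" for i in range(0, KEYSPACE, 25)]   # 400 constructed chain starts

if __name__ == "__main__":
    table = build_table(STARTS)
    sample = [f"{i:04d}" for i in range(7, KEYSPACE, 20)]   # 500 PINs, none a start
    hits = sum(lookup(table, h(p)) is not None for p in sample)
    print(f"{len(table)} stored ends recover {hits} of {len(sample)} sampled PINs")
    salt = b"per-user-salt"                                 # constructed salt value
    print("unsalted 0025 ->", lookup(table, h("0025")))
    print("salted   0025 ->", lookup(table, h("0025", salt)))
```

Because the salt changes every digest, a table computed in advance for the unsalted function never matches; in practice a unique salt per user is combined with a deliberately slow password hash such as bcrypt, scrypt or Argon2.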
