什么是彩虹袭击？ [英] What exactly is a rainbow attack?

问题描述

我正在阅读一些关于盐和密码哈希的文章，有几个人提到彩虹攻击。什么是彩虹攻击，什么是最好的方法来防止它？

I was reading a few articles on salts and password hashes and a few people were mentioning rainbow attacks. What exactly is a rainbow attack and what are the best methods to prevent it?

推荐答案

维基百科文章有点难以理解。简而言之，您可以将彩虹表视为具有预先计算的哈希值和计算它们的密码的大字典。

The wikipedia article is a bit difficult to understand. In a nutshell, you can think of a Rainbow Table as a large dictionary with pre-calculated hashes and the passwords from which they were calculated.

彩虹表和其他词典只是在方法中如何存储条目。 Rainbow表针对哈希和密码进行了优化，从而实现了优化的空间优化，同时仍保持良好的查找速度。

The difference between Rainbow Tables and other dictionaries is simply in the method how the entries are stored. The Rainbow table is optimized for hashes and passwords, and thus achieves great space optimization while still maintaining good look-up speed. But in essence, it's just a dictionary.

当攻击者窃取了你的密码哈希的长列表时，他可以快速检查他们是否在彩虹表。对于那些，彩虹表也将包含它们从哪些字符串哈希。

When an attacker steals a long list of password hashes from you, he can quickly check if any of them are in the Rainbow Table. For those that are, the Rainbow Table will also contain what string they were hashed from.

当然，有太多的哈希值存储在彩虹表。所以如果哈希不在特定的表，黑客是运气不好。但是如果你的用户使用简单的英语单词，并且你已经哈希他们只有一次，很有可能一个好的彩虹表将包含密码。

Of course, there are just too many hashes to store them all in a Rainbow Table. So if a hash is not in the particular table, the hacker is out of luck. But if your users use simple english words and you have hashed them just once, there is a large possibility that a good Rainbow Table will contain the password.

这篇关于什么是彩虹袭击？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！