RAR passwords, why don't rainbow tables work?


Question

I've been looking around at encryption and I've seen several implementations of rainbow tables work like a charm on passwords (say, Windows).

I'm yet to see an implementation of a rainbow attack on a RAR file. Why is that? What makes RAR encryption more secure and immune to these sorts of attacks?

Answer

A rainbow table is an optimization for inverting hash functions: finding the password when all you have is its hash. Although this is not strictly necessary here, I recommend reading "What are rainbow tables and how are they used?", which has a very good explanation that clears up a few common misconceptions.

There are two parts to RAR encryption (or just about anything that uses a password to encrypt some data). First, an encryption key is derived from the password using a key derivation function (KDF). Then the encryption key is used to encrypt or decrypt the data.

Even if the KDF is a hash function, a rainbow table wouldn't help: the attacker does not have the output of the KDF. When a password is used for authentication, the output of the KDF is what's stored in the database. When a password is used for encryption, the output of the KDF is the secret key, which is what the attacker is after.

In any case, rainbow tables only help against unsalted hashes. WinRAR uses a good KDF (PBKDF2) which includes a salt.

A KDF transforms a variable-length string into a fixed-size key. A key property of a KDF is that it must map distinct input strings to distinct keys. A cryptographic hash function (SHA-1, SHA-256, …) achieves this. When the input string is a human-provided password, there are two other important properties which a hash function does not achieve on its own:

  • If two people choose the same password, they must not end up having the same key.
  • The KDF must be slow to compute, so that an attacker cannot find the password by brute force.

A salt achieves the first property. The second property is achieved by doing something like this: take the password, append the salt, hash the lot; take this hash, append the salt, hash the lot; repeat many times.

A rainbow table is an optimization to compute preimages through "one-way" functions: functions that are easy to compute in one direction but nigh-impossible to invert, i.e. given x it is easy to compute y=f(x), but given y there is no known method to find x such that y=f(x) other than somehow guessing x and checking. Hash functions are like this. Encryption with a symmetric key is not like this: the attacker cannot compute f any more than he can compute its inverse. Hence rainbow tables cannot help with breaking symmetric encryption.
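The following Python walks through the answer's argument end to end. It is an added example, not code from the original question or answer and not WinRAR's own implementation: the iterated salted KDF mirrors the construction sketched above, PBKDF2-HMAC-SHA256 comes from the standard library, and the wordlist, the HMAC-counter keystream cipher standing in for AES, and the "Rar!" known-plaintext check are all constructed here for illustration. It shows three things: an unsalted hash falls to a precomputed table immediately; the same password through a salted KDF has nothing in that table to match; and once the KDF output is only ever used as an encryption key, the attacker holds ciphertext rather than a hash, so the only offline attack left is to run the KDF per guess and test-decrypt.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, Iterable, Optional, Tuple

# Constructed sample wordlist standing in for an attacker's dictionary.
WORDLIST = [b"password", b"letmein", b"hunter2", b"correct horse battery staple"]

KDF = Callable[[bytes, bytes, int], bytes]


def unsalted_hash(password: bytes) -> bytes:
    """What a rainbow table inverts: one hash of the password, nothing else."""
    return hashlib.sha256(password).digest()


def iterated_salted_kdf(password: bytes, salt: bytes, rounds: int) -> bytes:
    """The construction sketched in the answer: hash(password || salt), then
    hash(previous || salt) again and again. Illustrative only, not RAR's KDF."""
    digest = hashlib.sha256(password + salt).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(digest + salt).digest()
    return digest


def pbkdf2_kdf(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Standard PBKDF2-HMAC-SHA256 from the standard library (32-byte key)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, rounds, dklen=32)


def build_lookup_table(wordlist: Iterable[bytes]) -> Dict[bytes, bytes]:
    """A plain hash -> password table. A real rainbow table is a space-optimised
    form of the same precomputation; either way it only answers the question
    'which password has this unsalted hash?'."""
    return {unsalted_hash(pw): pw for pw in wordlist}


def lookup(table: Dict[bytes, bytes], digest: bytes) -> Optional[bytes]:
    return table.get(digest)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy keystream cipher (HMAC-SHA256 in counter mode) standing in for AES so
    the example is self-contained; constructed for illustration only. XOR with
    the keystream is its own inverse, so this both encrypts and decrypts."""
    out = bytearray()
    for block_no, offset in enumerate(range(0, len(data), 32)):
        keystream = hmac.new(key, block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def encrypt_archive(password: bytes, plaintext: bytes, kdf: KDF = pbkdf2_kdf,
                    rounds: int = 10_000) -> Tuple[bytes, bytes]:
    """Password -> KDF(salt) -> key -> ciphertext. The key never leaves this
    function; the attacker only ever sees (salt, ciphertext)."""
    salt = os.urandom(16)
    key = kdf(password, salt, rounds)
    return salt, stream_xor(key, plaintext)


def brute_force(salt: bytes, ciphertext: bytes, known_prefix: bytes,
                wordlist: Iterable[bytes], kdf: KDF = pbkdf2_kdf,
                rounds: int = 10_000) -> Optional[bytes]:
    """The attack that remains: derive a key for every guess and test-decrypt
    against something known about the plaintext (a header, a CRC). Every guess
    pays for a full KDF run, and nothing computed here is reusable for another
    archive because the salt differs."""
    for pw in wordlist:
        key = kdf(pw, salt, rounds)
        if stream_xor(key, ciphertext[:len(known_prefix)]) == known_prefix:
            return pw
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    # 1. Unsalted hash (authentication-style storage): the table answers at once.
    print("unsalted lookup:", lookup(table, unsalted_hash(b"hunter2")))
    # 2. Same password through a salted KDF: the table has nothing to match.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    print("salted lookup:", lookup(table, iterated_salted_kdf(b"hunter2", salt_a, 1000)))
    print("same password, different salts, same key?",
          pbkdf2_kdf(b"hunter2", salt_a, 1000) == pbkdf2_kdf(b"hunter2", salt_b, 1000))
    # 3. Encryption: the attacker holds ciphertext, not a KDF output, so the only
    #    offline option is to run the KDF per guess. (Constructed plaintext; the
    #    'Rar!' prefix is just the known bytes each guess is checked against.)
    salt, ct = encrypt_archive(b"hunter2", b"Rar!\x1a\x07\x00 constructed archive body")
    print("brute force recovered:", brute_force(salt, ct, b"Rar!", WORDLIST))
```

The design point is in `brute_force`: there is no table to consult because the value to compare against only exists after decrypting with a candidate key, and that key depends on a per-archive salt. Raising `rounds` makes every one of those guesses proportionally more expensive, which is the second KDF property the answer describes.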
