January 14, 2012 at 9:37 pm
Comments posted to this topic are about the item Rainbow Table
January 15, 2012 at 3:26 am
I never heard of this Steve:-D.
Thanks for the question.
M&M
January 15, 2012 at 8:57 am
Back to getting QotDs right, thank goodness. Disappointed the correct answer did not involve leprechauns or colour names.
Paul White
SQLPerformance.com
SQLkiwi blog
@SQL_Kiwi
January 15, 2012 at 12:01 pm
Well, I managed to get this one wrong, but only because I guessed wrongly as to which of the incorrect options would count as "correct". It's a good question except that (a) the correct answer isn't offered as an option and (b)the "correct" answer is so utterly wrong as to amaze me. The wikipedia article referenced in the explanation makes the wrongness of the answer absolutely clear, so we have an swer/explanation which are apparently based on material that directly contradicts them.
The "correct" option describes a (partial) dictionary for a hash, which is not a rainbow table. A rainbow table is a table of start and end elements of hash chains which use distinct reduction functions at each step; it can never list a word with its hash, because it contains only the end (first and last) elements or each chain, and a word and its hash are adjacent elements of the chain, one of which will be internal since othewise there is no chain, so it's not even true that the "correct" answer describes some particular restricted version of a rainbow table: what it describes is something which cannot be a rainbow table.
Originally hash chain tables tables, which contain the first and last elements or chains using the same reduction function at each step, were intended to reduce the space cost of hash-breaking compared with using a hash dictionary; but they have a space inefficiency because two chains which collide anywhere introduce a lot of redundancy. Rainbow tables were invented to eliminate this particular space inefficiency, using a distinct reduction function at each step to ensure that two chains which collide introduce serious space inefficiency only if the collision position on each of the two chains is the same (and since there are thus fewer collisions that cause inefficiency it is computationally less expensive to throw out collisions and introduce new chains when creating the table than it was with the original hash chain tables). So they are two generations of theory and invention beyond the simple dictionary that this question and answer claim they are.
I went for the "break MD5" answer because all the other answers are hoplessly wrong but I think that it was in the context of MD5 hashes that rainbow tables were first proposed so although that answer too is wrong it has at least some connection to reality.
Tom
January 16, 2012 at 2:10 am
mohammed moinudheen (1/15/2012)
I never heard of this Steve:-D.Thanks for the question.
+1
January 16, 2012 at 3:07 am
It's encouraging that 8 people so far have gone for the Leprechaun answer. It's not all about the points π
January 16, 2012 at 3:20 am
Leprechauns :hehe:
January 16, 2012 at 5:00 am
L' Eomot InversΓ© (1/15/2012)
Well, I managed to get this one wrong, but only because I guessed wrongly as to which of the incorrect options would count as "correct". It's a good question except that (a) the correct answer isn't offered as an option and (b)the "correct" answer is so utterly wrong as to amaze me. The wikipedia article referenced in the explanation makes the wrongness of the answer absolutely clear, so we have an swer/explanation which are apparently based on material that directly contradicts them.
I used to do ethical hacking and I used to call these dictionary attacks. It was quite easy because you already had your table of passwords and hashes. Then, you'd get your Unix/Linux user file (mirroring makes that more difficult now) and process those hashed passwords through your "dictionary" table and once you find a match, you will have your unencrypted password.
Some of the duplicates are being produced by two different passwords having the same hash value. That didn't matter when you're trying to sign in as one of the users. If their password was "abcdefg" and that produced a hash of 1kl5 and you encrypted a password of "12345678" and it produced the same hash of 1kl5, you could still log in as that user with the wrong password.
So, in short, I believe the answer and explanation is very correct. Perhaps the Wikipedia article made it appear more confusing than it really is.
January 16, 2012 at 5:46 am
Never heard of this before. Learned something new today. Thanks for the question.
http://brittcluff.blogspot.com/
January 16, 2012 at 5:49 am
Now that was something I didn't know about.
I knew the answer wouldn't be leprechaun though. π
Thank you for the question.
Best regards,
Andre Guerreiro Neto
Database Analyst
http://www.softplan.com.br
MCITPx1/MCTSx2/MCSE/MCSA
January 16, 2012 at 6:52 am
Nice question, learned something new today
January 16, 2012 at 7:01 am
I have very limited knowledge about this topic. Took an educated guess and nailed it.
Great question for further reading. Thanks!
---------------
Mel. π
January 16, 2012 at 8:38 am
Great question! Was not very familiar with this topic so I leaned something new today. π
January 16, 2012 at 8:47 am
I was surprised to see a question about this here. Now that has me thinking of importing some rainbow tables into SQL Server...hmmm:cool:
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
January 16, 2012 at 10:05 am
Forced me to to a bit of searching... Thanks, Steve!
Viewing 15 posts - 1 through 15 (of 24 total)
You must be logged in to reply to this topic. Login to reply