Abstract
As users become increasingly aware of the need to adopt strong passwords, digital forensics investigators face new challenges because potential evidentiary data is password protected. On the other hand, because of the human tendency to select memorable passwords, which compromises security for convenience, users may form their strong passwords from a permutation of dictionary words. In this paper, we discuss the existing password recovery methods and briefly present our previous work on the design of a time-memory tradeoff pre-computed table (Enhanced Rainbow Table) for efficient random password recovery. We then propose the design of an Enhanced Dictionary Based Rainbow Table, which integrates the construction of dictionary based permutated passwords and common passwords within the Enhanced Rainbow Table and so incorporates the two promising password recovery approaches. Finally, we present an analysis of the proposed method.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Thing, V.L.L., Ying, HM. (2012). Enhanced Dictionary Based Rainbow Table. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds) Information Security and Privacy Research. SEC 2012. IFIP Advances in Information and Communication Technology, vol 376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30436-1_42
DOI: https://doi.org/10.1007/978-3-642-30436-1_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30435-4
Online ISBN: 978-3-642-30436-1
eBook Packages: Computer Science (R0)