Sébastien Combéfis
Hacking Password Hashes with Rainbow Tables
XXX
<p>The <i>« SE507µ Hacking Password Hashes with Rainbow Tables »</i> micro-course is about how to <b>secure a passwords database</b> with hashed passwords and how such a database can be attacked using <b>rainbow tables</b>, a data structure capitalising on time-memory trade-off.</p>
<p>I gave this micro-course once at the <a href="https://www.ecam.be">ECAM Brussels Engineering School</a> (ECAM), in 2020, as a part of the data structure course. The course is taught in French, but all the material is available in English and <a href="/fr/teaching/ucourses/ngram/">in French</a>.</p>
<h2>Documents</h2>
<ul>
<li><a href="/files/ecam/general/ECAM-Competency-Based-Assessment-Slides.pdf">Competency Based Assessment <img src="/images/slides.png" width="16" height="16" alt="Slides"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Competencies-List.pdf">Grid of skills to acquire <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
</ul>
<h2>Theory</h2>
<ul>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Session1-Slides.pdf">Session 1: Hash Function and Password Storage <img src="/images/slides.png" width="16" height="16" alt="Slides"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Session2-Slides.pdf">Session 2: Rainbow Table Attack and Password Database Protection <img src="/images/slides.png" width="16" height="16" alt="Slides"></a></li>
</ul>
<h2>Practice</h2>
<ul>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Quizz1.pdf">Quizz 1: Secure password storage <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Quizz2.pdf">Quizz 2: Password protection <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Quizz3.pdf">Quizz 3: Rainbow table <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Coding1.pdf">Coding 1: Brute-force and dictionary attack <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Coding2.pdf">Coding 2: Hash chain <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Mission1.pdf">Mission 1: Secure password hashing <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Mission2.pdf">Mission 2: John the Ripper <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Mission3.pdf">Mission 3: RainbowCrack <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Project1.pdf">Project 1: Securing a password database <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
<li><a href="/files/ucourses/rainbowtable/RainbowTable-Project2.pdf">Project 2: My first rainbow table <img src="/images/pdf.png" width="16" height="16" alt="PDF"></a></li>
</ul>
<h2>Resources</h2>
<h3>Reference books</h3>
<ul>
<li>William Stallings and Laurie Brown. (2018). Computer Security: Principles and Practice (Fourth Edition). Pearson. <small>(ISBN: 978-1-292-22061-1)</small></li>
</ul>
<h3>Online resources</h3>
<ul>
<li><a href="https://emn178.github.io/online-tools/index.html">Online tool</a> to compute hash functions.</li>
<li><a href="https://project-rainbowcrack.com">RainbowCrack</a> tool with Rainbow tables available for download.</li>
<li><a href="https://www.grc.com/haystack.htm">GRC's Interactive Brute Force Password "Search Space" calculator</a> to estimate the time needed to brute-force a password.</li>
</ul>