Ungavumeli ukuba igama lakho elihle likhohlise, ezi zinto ziyikrakra.
Nangona ucinga ngeTablebow Tables njengefenitshala enemibala ebalahlekileyo, abo akusibo esiza kuxoxa nabo. Iileta ze-Rainbow esizithethayo zisetyenziselwa ukupasa amaphasiwedi kwaye sisinye esinye isixhobo kwi-arsenal ekhulayo.
Yiyiphi i-Rainbow Tables? Kungenzeka njani ukuba into enegama elihle nelihlazo linokulimaza?
Umxholo oyintloko emva kweeTables Rainbow
Ndiyindoda embi esandula ukutsala i-thumb drive kwi-server okanye kwindawo yokusebenzela, ibuyiselwe kwakhona, kwaye iqhube inkqubo eyenza ikopi yefayile ye-database ekhuselekileyo enegama lomsebenzisi kunye namaphasiwedi kwinqwelo yam isondo.
Amaphasiwedi kwifayile ayibhaliweyo ukuze ndikwazi ukuwafunda. Ndiza kufuneka ndiqhekeze amaphasiwedi kwifayili (okanye ubuncinane iphasiwedi yomlawuli) ukuze ndibenzisebenzise ukufikelela kwinkqubo.
Ziziphi iindlela zokupasa amaphasiwedi? Ndingazama kwaye ndisebenzise inkqubo yokuqhawula iphasiwedi enamandla enjenge-John the Ripper, ephuma kwifayili yephasiwedi, ezama ukuhlaziya ngokucacileyo yonke inhlanganisela enokwenzeka yephasiwedi. Inketho yesibini kukulayisha isichazamazwi sokuphambuka kwegama eliqukethe amakhulu amabini amaphasiwedi aqhelekileyo asetyenzisiweyo kwaye ubone ukuba ufumana phi na. Ezi ndlela zingathatha iiveki, iinyanga, okanye neminyaka ukuba amaphasiwedi anamandla ngokwaneleyo.
Xa iphasiwedi "ivivinywa" malunga nenkqubo "inqabile" isebenzisa ukubethela ukuze iphasiwedi yangempela ingathunyelwa kumbhalo ocacileyo kumgca wolwazi. Oku kuvimbela i-eavesdroppers ekunqumeni iphasiwedi. I-hashi yephasiwedi idla ngokubonakala njengeqela lelamba kwaye ngokuqhelekileyo ubude obude kunephasiwedi yangaphambili. Iphasiwedi yakho ingaba "shitzu" kodwa i-hash yephasiwedi yakho ibonakala ngathi "7378347eedbfdd761619451949225ec1".
Ukuqinisekisa umsebenzisi, inqubo ithatha ixabiso le-hash elidalwe ngumsebenzi wephasiwedi ekwikhompyutheni yomxhasi kwaye uyayithelekisa kwixabiso le-hash egcinwe kwitheyibhile kwiseva. Ukuba ukuhluthwa kufana, umsebenzisi uqinisekisiwe kwaye unikwe imvume yokungena.
Ukuhlawula iphasiwedi yindlela yomsebenzi ongu-1, oku kuthetha ukuba awukwazi ukuchithwa i-hash ukuze ubone ukuba umbhalo ocacileyo wephasiwedi. Akukho sitshixo sokwenza i-hash ifake ikhefu emva kokuba idalwe. Akukho "indandatho yokumisela" ukuba uthanda.
Iiprogram zokuqhawula iphasiwedi zisebenza ngendlela efanayo kwenkqubo yokungena ngemvume. Inkqubo yokuqhawula iqala ngokuthatha iiphasiwedi eziphazamisayo, zibenza nge-algorithm ye-hash, efana ne-MD5, ize ifanise umkhiqizo we-hash kunye nenkunkuma kwifayili yephasiwedi eyebiweyo. Ukuba ufumana umdlalo ngoko inkqubo ikhehlile iphasiwedi. Njengoko sathi ngaphambili, le nkqubo ingathatha ixesha elide kakhulu.
Faka iTables Rainables
Iingqungquthela ze-Rainbow ziyizona zixhobo ezinkulu zeetrafti eziphambili ezizaliswe ngamaxabiso ase-hash eziphambili ngokufanayo kwiiphasiwedi ezichazayo. Iingqungquthela ze-Rainbow zivumela abacuki ukuba baphinde baphendule umsebenzi we-hashing ukuze baqaphele ukuba yiliphi igama lephasiwedi elibizayo. Kunokwenzeka ukuba amagama amaninzi ahlukeneyo aphumelele kwi-hash efanayo ngoko kungabalulekanga ukufumanisa ukuba iphasiwedi yasekuqaleni yayinjani, nje kuphela nje xa inesimo esifanayo. Iphasiwedi echasayo ayinakuba yi-password efanayo eyadalwa ngumsebenzisi, kodwa nje ngokuba i-hash ifanelwe, ke akunandaba nokuba yintoni iphasiwedi yangaphambili.
Ukusetyenziswa kweTablebow Tables kuvumela ukuba amaphasiwedi aphuhliswe kwisixa esifutshane kakhulu xa kuthelekiswa neendlela ezinamandla, kodwa u-trade-off kukuba kuthatha ubuninzi bokugcina (ngamanye amaTerabyte) ukugcina iTablebow Tables ngokwabo, Ukugcina le mihla ininzi kwaye ixabiso elincinci kwaye lo msebenzi-ntengiso awuyinto enkulu njengeminyaka elishumi eyadlulayo xa i-terabyte imoto ayiyiyo into ongayifumana kwi-Best Buy yasekhaya.
AbaHackers bangakwazi ukuthenga iTables Rainbow Tables ngenxa yokuphambanisa amaphasiwedi ezinkqubo zokusebenza ezisengozini ezifana ne-Windows XP, i-Vista, i-Windows 7 kunye nezicelo zisebenzisa i-MD5 ne- SHA1 njengendlela yokwenza iphasiwedi yabo (abaninzi abasebenzisi be-intanethi basasebenzisa le ndlela yokulungisa i-hardware).
Indlela Yokuzikhusela Kwi-Rainbow Tables-based Based Attacks
Sifisa ukuba kukho iingcebiso ezingcono kulowo wonke umntu. Sithanda ukuthetha ukuba iphasiwedi eneqinileyo iya kunceda, kodwa oku akunjalo ngokwenene ngenxa yokuba ayinobuthakathaka bephasiwedi leyo yingxaki, kubuthathaka obunxulumene nomsebenzi okhutshweyo ukusetyenziswa ukubethela iphasiwedi.
Iingcebiso ezilungileyo kakhulu esinokubanika abasebenzisi ukuhlala kude nezicelo zewebhu ezithintela ubude bakho bephasiwedi kwinani elifutshane labalinganiswa. Le nto ibonakaliso ecacileyo yendlela yokuqinisekiswa kwegama lokungqinelwa kwephasiwedi endala. Ubude obude bephasiwedi kunye nobunzima bunokuba luncedo, kodwa alukho uhlobo lokukhuselwa oluqinisekileyo. Ukuba ixesha lakho elide lide lide, iifayile ezinkulu ze-Rainbow ziza kufuneka ziqhekeke, kodwa inkohlakalo enezinto ezininzi zinokwenza oku.
Iingcebiso zethu malunga nendlela yokuzikhusela kwiiTablebow Tables zenzelwe ukuba ngabaphuhlisi bezicelo kunye nabaphathi beenkqubo. Ziya kumgca wangaphambili xa kuziwa ekukhuseleni abasebenzisi malunga nolu hlobo lokuhlaselwa.
Nazi ezinye izicwangciso zononophelo ekukhuseleni nokuhlaselwa kweTablebow Table:
- Ungasebenzisi i-MD5 okanye i-SHA1 kumsebenzi wakho we-password. MD5 kunye ne-SHA1 zikhethiweyo zephasiwedi zenze i-algorithms kunye neetafile ezininzi zobuninzi ezisetyenziselwa ukupakisha amaphasiwedi zakhiwa ukujolisa kwizicelo kunye neenkqubo ngokusebenzisa le ndlela. Cinga ukusebenzisa iindlela ezininzi zamanje njengeSHA2.
- Sebenzisa "iTyuwa" yokubhaliweyo kwi-password yakho. Ukongeza ityuwa ye-cryptographic kwi-password yakho yokwenza umsebenzi uya kunceda ukukhusela ekusebenziseni i-Rainbow Tables esetyenziselwa ukupasa amaphasiwedi kwisicelo sakho. Ukubona imizekelo yekhowudi yokusebenzisa ityuwa yokubhaliweyo ukuze uncede "u-Rainbow-Proof" sakho sicelo sicela ukhangele iWebmasters by Design site enegama elikhulu ngesihloko.
Ukuba ufuna ukubona indlela abahlaseli benza ngayo ukuhlaselwa kwephasiwedi usebenzisa iTablebow Tables, unokufunda le nqaku ehle kakhulu malunga nendlela yokusebenzisa le ndlela yokufumana amaphasiwedi akho.