One thought on “Learn Computers Series: Online Security

  1. More on dictionaries, hash, and rainbows:

    Dictionary – list of commonly used passwords (12345, letmein, password)

    Hash – (one way cipher) password (5F4DCC3B5AA765D61D8327DEB882CF99) – different from encryption as encryption is designed to be converted back with a key. Hashing creates a digital ‘signature’ without consideration for reversing it.

    Rainbow Table – joined list of dictionary and hash (password:5F4DCC3B5AA765D61D8327DEB882CF99)

    Hash Algorithm – program that converts a password to a hash

    Toast – bread having gone through the Maillard reaction (a nonenzymatic browning caused by heat released from the resistance of a heating element to an applied electrical current)

    A hash is the version of your password stored on a secure system. When you enter your password, it is passed through a program that creates this unrelated version via one way cipher. Usually the hashed version cannot be converted back into the normal version that you originally typed. This way, even if we were to get the passwords stored on the system, they would be the useless hashed versions.

    …you cannot “untoast” the toast.

    BUT say each type of taster left a certain burn mark. Oh, that diagonal burn means it came from a KitchenAid or that Leo face means it came from an LCDS Mk III ToastKing. Now, if we had each type of toaster (hash algorithm), we could run bread through it and get the telltale toast (hash). We could then simply look at a finished toast and be all like – yo, that’s totally from an Oyster toaster.
    SO if we had a list of common passwords – like: 123, 1234, kitty, cat, mywife, 12qwaszx, password, Password!, SeeYouNextFriday, and many…many more (the dictionary) – we could run those through each algorithm and create a collection of hashes that match their algorithms.

    We have created a rainbow table (a list of normal and hashed versions of passwords).
    123 -> 202CB962AC59075B964B07152D234B70
    1234 -> 81DC9BDB52D04DC20036DBD8313ED055
    kitty -> CD880B726E0A0DBD4237F10D15DA46F4
    cat -> D077F244DEF8A70E5EA758BD8352FCD8
    mywife -> 9BA394561B6A351E69095832A8BD22E1

    NOW we just need to figure out which hash algorithm the system uses – it may be listed on the login page, looked up based on the product you are logging into, or just take a guess as there are only a few widely use types. We now know which of our rainbow tables to use – the one that matches the encryption algorithm.

    FINALLY we take the hashed password we pulled from the system (how we got that is a story for a different day) and search for it in our rainbow table.

    CD880B726E0A0DBD4237F10D15DA46F4 ??? Haha, this dope’s password is kitty! Now we are in. Now we are you. We have figured out which toaster you used and all your bread belong to us.

    TLDR: Summary – Don’t go online.

Comments are closed.

Comments are closed.