Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

レインボーテーブルを使ったハッシュの復号とSalt

10,727 views

Published on

Published in: Technology
  • Be the first to comment

レインボーテーブルを使ったハッシュの復号とSalt

  1. 1. Salt@h13i32maru
  2. 2. Webid uid password1 alice e2fc714c4727ee9395f324cd2e7f331f2 bob 81dc9bdb52d04dc20036dbd8313ed0553 carol 098f6bcd4621d373cade4e832627b4f6
  3. 3. ( ) 1234 81dc9bdb52d04dc20036dbd8313ed055 abcd e2fc714c4727ee9395f324cd2e7f331f qwer 962012d09b8170d912f0669f6d7d9d07 pass 1a1dc91c907325c69271ddf0c944bc72 ... ...※
  4. 4. [0-9A-Za-z-_]MD5 4 640MB 1600 5 50GB 10 6 2.6TB 680 7 167TB 4.4 8 12PB 280
  5. 5. (´ ω )
  6. 6. • Px H() Cx R()• C P1. P1 H() C12. C1 R() P23. P2 H() C24. C2 R() P35. m [ P1→H()→C1→R()→P2→H()→C2→R() ... Cm-1→R()→Pm ]6. P1 Pm P1→Pm7. t m: P1.1 P1.m t : P2.1 P2.m ※m t ... ... Pt.1 Pt.m
  7. 7. Cx1. Cx → R() → P12. P13. 1. Cx 2. ( ) 3.4. Cx → R() → P1 → H() → C1 → R() → P25. P26. 1. Cx 2. ( ) 3.7. m8. m Cx
  8. 8. ( ω ´)
  9. 9. C++ / Openssl 4 [0-9A-Za-z-_] MD5 3000http://h13i32maru.jp/misc/rt/rt.tar.gz
  10. 10. 10010000 75% 100KB20000 82% 200KB30000 91% 300KB40000 96% 400KB (640MB)1600 1
  11. 11. • MacBookPro 10.6.6 / Core2Duo 2.4GHz / 4GB• 40000 / 150 ( ) 40 ( ) 180
  12. 12. (´ ω )
  13. 13. Salt$hash = Sha1( $password . $salt );
  14. 14. Salt•• id uid password 1 alice 1fadcf6eb4345975be993f237c51d426 2 bob 81dc9bdb52d04dc20036dbd8313ed055 3 carol 1fadcf6eb4345975be993f237c51d426 4 evil 1fadcf6eb4345975be993f237c51d426
  15. 15. Salt• Salt id uid Salt• Salt id uid password 1 alice fb592cb4152e2aacaaf452714d283f7e 2 bob 27d5c234335b9762416808e2ace80842 3 carol 4ea88541aecef81df60f1d79a0280053 4 evil eaab7a6ec5c9a138022f8c611c0092f5
  16. 16. Salt(´ ω )
  17. 17. Salt uidSalt
  18. 18. ••• Salt
  19. 19. •• - Wikipedia• md5• salt• password (salt )

×