Rainbow attack

Rainbow attack is an implementation of the Faster Cryptanalytic Time-Memory Trade-Off method developed by Dr Philippe Oechslin. The idea is to generate the password hash tables in advance (only once), and during the audit/recovery process, simply look up the hash in these pre-computed tables. Such process dramatically reduces the auditing time (especially for complex passwords). Due to the nature of this attack, not all passwords can be found (although with a probability which can be as high as needed).

To access Rainbow attack settings, switch the Attack type to Rainbow, and click on the Rainbow attack tab (second tab, next to the Hashes tab). If you already have the tables, click on the Rainbow tables list button, and you will be able to browse for the tables for further attack (you can add several tables at once), remove the tables from the list, and move them up and down; when completed, press Close, and proceed with the attack itself.

To create your own tables, press the Generate tables button. There are a few settings there:

LM and NTLM hash tables can be generated; see About Windows passwords for details on hash types.

Minimum and Maximum; typically, from 1 to 7 (to cover all password space for LM hashes). However, if you want to audit just 6-character passwords (and second halves of passwords that are from 8 to 15 characters long), you can create more effective and still relatively small tables for length from 1 to 6.

Typical values are from 1000 to 10000. When this value is increased, you get better probability, but worse generation and cryptanalysis times.

Chain count affects the table size (and so disk space), table size, probability and generation time (but not cryptanalysis time).

Number of tables to generate, or indexes of tables if you distribute the table generation process across a few computers. More tables you have, the better success rate is achieved. For example, if one table gives a probability of 60% (0,6), two tables will give 1 - (1 - 0,6) * (1 - 0,6) = 0,84 (84%). With three such tables, the probability is already 1 - (1 - 0,6) ^ 3 = 0,936 (93,6%). But of course, the total space also increases dramatically.

Press Browse to select the folder to save generated tables to (before starting the generation process, please verify that there is enough free space there).

Once all parameters are selected, PPA immediately calculates the key space (the total number of passwords in the given range; actually, it depends only on the character set and password length), disk space (size of each table multiplied by number of tables), and success probability. You can also run the benchmark: press Start, and PPA calculates the speed of your computer on these operations, and so the table precomputation time, total precomputation time, and maximum cryptanalysis time.

There are some typical configurations (for LM hash type, length from 1 to 7; the time is calculated for Pentium 4 3.0GHz CPU) you can use, for example:

	#1	#2	#3	#4
Charset	alpha	alpha-numeric	alpha-num-sym14	all
Chain length	2,100	2,400	12,000	20,000
Chain count	8,000,000	40,000,000	40,000,000	100,000,000
Tables	5	7	13	20
Success rate	99.9%	99.9%	99.9%	99,3%
Total space	640 Mb	4,480 Mb	8,320 Mb	32,000 Mb
Max gen. time	17h	5d 14h	52d	332d
Max analysis time	7 s	14 s	11 m	48 m

The tables for first three configurations can fit into one CD, DVD (Single Layer) and DVD (Double Layer), respectively. For the last configuration (with a complete character set), they take about 32 gigabytes and need 369 days to generate (so you have to use multiple computers), but with such tables, any password can be recovered in just about an hour with 99,3% probability. Normally, it would take up to 3 weeks to recover such password using a brute-force attack.