Ungavumeli igama labo elihle likukhohlise, lezizinto ziyesabeka.
Ngenkathi ungase ucabange ngeTablebow Tables njengenfenisha enemibala egqamile, labo akusibo esizoxoxa nabo. Amathebula we-Rainbow esiwakhulumayo asetshenziselwa ukuphazamisa amaphasiwedi futhi ayeseyinye ithuluzi ku-arsenal ekhula njalo.
Yini evezwa yiTablebow Tables? Kungenzeka kanjani ukuthi into enhle kangaka negama elibi kangaka ingaba yingozi kangaka?
I-Concept Basic Behind Rainbow Table
Ngingumfana omubi osanda kuvula isikhwama sesithupha kwiseshini noma emsebenzini, ukuyivuselela kabusha, futhi ugijime uhlelo olukopisha ifayela le-database lokuphepha elinamagama omsebenzisi namaphasiwedi ekuhambeni kwami kwesithupha.
Amaphasiwedi efayela alibhalisiwe ukuze ngingakwazi ukufunda. Kuzodingeka ngiqede amaphasiwedi efayeleni (noma okungenani iphasiwedi yomlawuli) ukuze ngiwasebenzise ukufinyelela ohlelweni.
Yiziphi izinketho zokuphambanisa amaphasiwedi? Ngingazama futhi ngisebenzise uhlelo lokukhwabanisa iphasiwedi elinamandla njengoJohn the Ripper, elihamba ngefayili yephasiwedi, ezama ukulinganisa yonke inhlanganisela ekhona yephasiwedi. Inketho yesibili ukulayisha isichazamazwi sokuphazamisa iphasiwedi equkethe amakhulu ezinkulungwane zamaphasiwedi asetshenziswe njalo bese ubona ukuthi ithola yini i-hits. Lezi zindlela zingathatha amasonto, izinyanga, noma ngisho neminyaka uma amaphasiwedi enamandla ngokwanele.
Uma iphasiwedi "ivivinywa" ngokumelene nesistimu "ishabalale" isebenzisa ukubethela ukuze iphasiwedi yangempela ingathunyelwa kumbhalo ocacile kuwo wonke umugqa wokuxhumana. Lokhu kuvimbela ama-evesdroppers ekunqumeni iphasiwedi. I-hash yephasiwedi ivame ukubukeka njengesiqu semfucumfucu futhi ngokuvamile ubude obuhlukile kunephasiwedi yangempela. Iphasiwedi yakho ingahle ibe "shitzu" kodwa i-hash yephasiwedi yakho izobukeka sengathi "7378347eedbfdd761619451949225ec1".
Ukuze uqinisekise umsebenzisi, uhlelo lithatha inani le-hash elidalwa umsebenzi we-password hashing kwikomera yeklayenti futhi lilifanisa nenani le-hash eligcinwe etafuleni kuseva. Uma i-hashes ihambisana, khona-ke umsebenzisi uqinisekisiwe futhi unikezwe ukufinyelela.
Ukuqeda iphasiwedi kuyindlela e-1, okusho ukuthi awukwazi ukuchofoza i-hah ukuze ubone ukuthi umbhalo ocacile wephasiwedi uwuphi. Ayikho ikhi yokumisa kabusha i-hashi uma idalwe. Ayikho "indandatho ye-decoder" uma uthanda.
Izinhlelo zokuqapha iphasiwedi zisebenza ngendlela efanayo nenqubo yokungena ngemvume. Uhlelo lokuqhafaza luqala ngokuthatha amaphasiwedi aphikisayo, ukuwasebenzisa ngokusebenzisa i-algorithm ye-hash, njenge-MD5, bese iqhathanisa ukukhishwa kwe-hash ne-hashes kwifayili yephasiwedi eyebiwe. Uma ithola umdlalo ke uhlelo luye lwaphazamisa iphasiwedi. Njengoba sishilo ngaphambili, le nqubo ingathatha isikhathi eside kakhulu.
Faka Amathebula We-Rainbow
Amathebula we-rainbow ayiseti elikhulu kakhulu lamatafula aphethwe ngaphambili anezindinganiso ze-hash ezifaniswa ngaphambili namaphasiwedi aphikisayo. Amathebula we-Rainbow ngokuyisisekelo avumela abaduni ukuba baphendule umsebenzi we-hashing ukuze banqume ukuthi yiliphi iphasiwedi ekhonondayo. Kungenzeka ngamaphasiwedi amabili ahlukene ukuze kubangele i-hash efanayo ngakho akubalulekile ukuthola ukuthi iphasiwedi yangempela yayinjani, uma nje inayo ihora elifanayo. Iphasiwedi yokulahla kungenzeka ingabi yi-password efanayo eyadalwa ngumsebenzisi, kodwa uma nje i-hash ifanisiwe, akunandaba ukuthi iphasiwedi yangempela yayinjani.
Ukusetshenziswa kweTablebow Tables kuvumela amaphasiwedi ukuba aqhekeke ngesikhathi esincane kakhulu uma kuqhathaniswa nezindlela ezinamandla-kodwa ukuhweba ukuthi kuthatha isitoreji esikhulu (ngezinye izikhathi iTerabytes) ukubamba iTables Rainbow ngokwabo, Isitoreji kulezi zinsuku siningi futhi eshibhile ngakho-ke ukuhweba akuyona into enkulu njengoba kwenzeka eminyakeni eyishumi eyedlule lapho ukushayela kwe-terabyte kwakungeyona into ongayithola e-Best Buy yendawo.
Abaqaphi bangakwazi ukuthenga ama-Rainbow Tables ngaphambi kokuphanga amaphasiwedi wezinhlelo zokusebenza ezisengozini ezifana ne-Windows XP, Vista, Windows 7, nezinhlelo zokusebenza ezisebenzisa i-MD5 ne- SHA1 njengendlela yokwenza iphasiwedi yabo (abathuthukisi bezinhlelo zokusebenza eziningi basasebenzisa lezi zindlela zokulungisa i-hashing).
Indlela Yokuzivikela Nge-Rainbow Amathebula Asekelwe-Iphasiwedi Esekelwe
Sifisa ukuthi kunezeluleko ezingcono kulowo wonke umuntu. Sithanda ukusho ukuthi iphasiwedi enamandla izokusiza, kodwa lokhu akulona iqiniso ngoba akusiyo ubuthakathaka bephasiwedi eyinkinga, kubuthakathaka obuhambisana nomsebenzi we-hashing osetshenziselwa ukubethela iphasiwedi.
Iseluleko esingcono kakhulu esingasinika abasebenzisi ukuhlala kude nezinhlelo zokusebenza zewebhu ezivimbela ubude bakho bephasiwedi kwinombolo embalwa yabalingiswa. Lokhu kuyisibonakaliso esicacile sezinhlelo zokuqinisekiswa kwephasiwedi ezindala ezisesikoleni esiphephile. Ubude bephasiwedi obude futhi ubunzima bungasiza kancane, kodwa akuyona ifomu elivikelwe lokuvikela. Uma isikhathi eside iphasiwedi yakho, amaTable Rainbow amakhulu kufanele abe ukuyiqeda, kodwa isichotho esinemithombo eminingi singakwazi ukufeza lokhu.
Iseluleko sethu sokuzivikela ngokumelene nama-Rainbow Tables ngempela senzelwe abathuthukisi bezinhlelo zokusebenza nabaphathi besistimu. Zisezindleleni zangaphambili uma kuziwa ekuvikeleni abasebenzisi ngokumelene nalolu hlobo lokuhlaselwa.
Nawa amanye amathiphu wokuthuthukiswa ekuvikeleni ngokuhlasela kwe-Rainbow Table:
- Ungasebenzisi i-MD5 noma i-SHA1 emsebenzini wakho we-password. I-MD5 ne-SHA1 yizinhlelo zokusebenza zephasiwedi ezingaphelelwa yisikhathi kanye namatafula amaningi e-rainbow asetshenziselwa ukuphazamisa amaphasiwedi eklanyelwe ukubhekisa izinhlelo zokusebenza nezinhlelo ngokusebenzisa lezi zindlela ezishayisayo. Cabanga ukusebenzisa izindlela ezengeziwe zesimanje ezifana ne-SHA2.
- Sebenzisa "usawoti" we-cryptographic ku-password yakho. Ukwengeza uCilongo olubukhali kumsebenzi wakho wephasiwedi uqobo uzosiza ukuvikela ngokusetshenziswa kweTablebow Tables okusetshenziselwa ukuphazamisa amaphasiwedi kuhlelo lwakho lokusebenza. Ukubona izibonelo ezimbalwa zokubhaliwe zendlela yokusebenzisa usawoti we-cryptographic ukuze usize "Rainbow-Proof" isicelo sakho sicela uhlole isayithi le-WebMasters By Design elinesihloko esihle esihlokweni.
Uma ufuna ukubona ukuthi abakwaHacker benza kanjani ukuhlaselwa kwephasiwedi usebenzisa i-Rainbow Tables, ungafunda le ndaba enhle kakhulu mayelana nokuthi ungasebenzisa kanjani lezi zindlela ukuze uphinde uphinde uthole amaphasiwedi akho.