Romanian Journal of Information Technology and Automatic Control / Vol. 34, No. 1, 2024


Investigating offline password attacks: A comprehensive review of rainbow table techniques and countermeasure limitations

Fazal WAHAB, Imran KHAN, Ken SI

Abstract:

Passwords are the most prevalent method of authentication and are essential for keeping data safe. In recent years, database breaches have released massive volumes of data records, and a sizable number of passwords have already been cracked offline using the disclosed data. This study systematically discusses the rainbow table attack, the most practical offline password attack method. It focuses on two improved rainbow table attack schemes: a novel time-memory tradeoff method using rainbow table sort proposed by Thing and Ying (TY attack), and an upgraded approach combining the TY attack with differentiated points proposed by Li (Li attack). Additionally, this article addresses the limitations of the current countermeasures for defending against offline password attacks from the perspectives of file encryption, password vaults, and hardware.

Keywords:
Rainbow Table Attack, Offline Password Attack, TY Attack, Password Security.

CITE THIS PAPER AS:
Fazal WAHAB, Imran KHAN, Ken SI, "Investigating offline password attacks: A comprehensive review of rainbow table techniques and countermeasure limitations", Romanian Journal of Information Technology and Automatic Control, ISSN 1220-1758, vol. 34(1), pp. 81-96, 2024. https://doi.org/10.33436/v34i1y202408