
Revista Română de Informatică și Automatică / Vol. 34, No. 1, 2024


Investigating offline password attacks: A comprehensive review of rainbow table techniques and countermeasure limitations

Fazal WAHAB, Imran KHAN, Ken SI

Abstract:

The password is the most prevalent method of authentication and is essential for keeping data safe. Because database breaches have released massive volumes of data records, a sizable number of passwords have already been broken offline in recent years using the disclosed data. This study systematically discusses the rainbow table attack, the most practical offline password attack method. The article focuses on two improved rainbow table attack schemes: a novel time-memory tradeoff method using rainbow table sort proposed by Thing and Ying (TY attack), and an upgraded approach combining the TY attack with differentiated points proposed by Li (Li attack). Additionally, this article addresses the limitations of the current countermeasures for defending against offline password attacks from the perspectives of file encryption, password vaults, and hardware.

Keywords:
Rainbow Table Attack, Offline Password Attack, TY Attack, Password Security.


Please cite this article as follows:
Fazal WAHAB, Imran KHAN, Ken SI, "Investigating offline password attacks: A comprehensive review of rainbow table techniques and countermeasure limitations", Revista Română de Informatică și Automatică, ISSN 1220-1758, vol. 34(1), pp. 81-96, 2024. https://doi.org/10.33436/v34i1y202408