Rainbow Table Hash Chain
A recovered password database contains the password hash
27ce84a6075b583086d9fc0c856f1da5d9a853507faffd7d70833c1b7accb156Fortunately the administrator was nice enough not to use salt and the password corresponding to this password hash is contained in a rainbow table, specifically in this hash chain
bambino : hunter42Where
hunter42correspond to the beginning and end of the hash chain respectively, and the hash chain length is 200. The hash function used was
function : password_hash(pw): val = "" repeat 50,000 times: val = sha256hash(val | pw) //where | denotes concatenation return hex(val)This rainbow table was generated from the rockyou password list. The reverse function is this algorithm:
function : reverse(password_hash, column_number): num_val = int(password_hash) line_number = (num_val + column_number) modulo line_count('rockyou.txt') password = get_line_from_file('rockyou.txt', line_number) return password
Where column number corresponds to the (zero based) index of the reverse function in the chain, and get_line_from_file outputs the password on the (zero based) line of the file. So
get_line_from_file('rockyou.txt', 14344108) -> ' \x93R3CKL3$$\x94'.
Recover the password corresponding to the recovered hash.
Test VectorGenerating a hash chain starting from
pw = 'loveu2' pw_hash = c664f66b0f9cf5a777280bc0019a98d7e3b96aa894ec83d5c2d9aa14170fdda6 reverse(hash_val, column=0) = zine73 pw = 'zine73' pw_hash = c7ce2a8c0ab1ac71ef9adeb6310aca5a655e5082bf95770dcb71417a35d2ed8f reverse(hash_val, column=1) = blueraccoon