Revista Română de Informatică și Automatică (Mar 2024)

Investigating offline password attacks: A comprehensive review of rainbow table techniques and countermeasure limitations

  • Fazal WAHAB
  • Imran KHAN
  • Ken SI

DOI
https://doi.org/10.33436/v34i1y202408
Journal volume & issue
Vol. 34, no. 1
pp. 81 – 96

Abstract

Passwords are the most prevalent method of authentication and are essential for keeping data safe. In recent years, database breaches have released massive volumes of data records, and a sizable number of passwords have already been broken offline using the disclosed data. This study systematically discusses the rainbow table attack, the most practical offline password attack method. The article focuses on two improved rainbow table attack schemes: a novel time-memory tradeoff method using rainbow table sort proposed by Thing and Ying (TY attack), and an upgraded approach combining the TY attack with differentiated points proposed by Li (Li attack). Additionally, the article addresses the limitations of current countermeasures against offline password attacks from the perspectives of file encryption, password vaults, and hardware.

Keywords