CSE 539 – 2018
1 13th 2018
This HW to be done in groups of 2 (mandatory).
Note: You have to use 32 bit machines – either Linux for 32 bit, or compile with –m32 option. Also, you may need to do
sudo apt-get install libc6-dev-i386 gcc-multilib g++-multilib
You are given a ZIP file >> here.
This file contains one C program hash.c (it also has md5.h which contains MD-5 routines used).
The hash.c program asks you to type a password. The password must contain exactly 4 characters. Each character must be from [a-z][A-z][0-9]. It then converts the 4 characters to a 32 bit integer (using the ASCII codes) and computes a 32 bit hash and prints the hash in HEX format.
1. Write a program that takes a hash of a password and uses brute force to get the password. Note there are 62^4 = 14,776,336 different passwords.
2. Generate a rainbow table (see below).
3. Use the rainbow table to find (crack) a password from a password hash. Once you can do it, try the hashes from the list below.
Rainbow table: To create a rainbow table you need a 4 character dictionary, a reversal function and have to choose the number of words in the dictionary and the length of the chain. All these are left you.
password hashes, (most are easy.)
A short report explaining how you did it, with data about the size of your rainbow table, time taken to brute force and time taken to use rainbow table. Also any shortcomings – such as passwords you cannot crack using rainbow table.
Brute force cracking will always work (passwords in this HW are short). Rainbow table cracking will be faster but will work only if your reversal function is good (and also choice of words in the dictionary).
Methods of submission:
Hard copy, hand it in, in class. Hand in only 1 copy with 2 names.