Nowadays finding a password belonging to a hash became a serious security threat due to the continuous increase of the computers’ computing capacity and the more efficient cracking techniques. The speed of cracking can be increased not only by development of the hardware but with paralleling. There are many methods for cracking passwords, one of the most efficient uses the rainbow tables. My thesis task is to create a program that uses this method and supports multithreaded and distributed cracking. In my thesis I present the process of design and implementation of this program.
After the introduction I write about rainbow tables and the method of rainbow cracking.
Then I introduce some hashcracking programs based on this technique. The time to generate rainbow tables depends exponentially on the length and the size of character set of the password. Since my task does not include generating rainbow tables, I use tables generated by other programs.
In the next section I present the potential technologies that can be used to implement this program. I write about the difficulties caused by the high computing speed demand of rainbow cracking and my experiences about the technologies. Finally I implemented most of the program in the .NET framework. Because of the speed demand I use an open source library implemented in C to calculate hashes. The communication of the components over a network is implemented in WCF.
In the Design section I discuss the architecture, the interaction between components and the design decisions. It was an important goal to create the possibility of easily adding support to other hash functions, rainbow tables and cracking components based on other methods.
In the development section I present the implementation of the components with code samples. I review making the cracking multithreaded, the distributed working and the connection between the components implemented using different technologies.
In the summary section I present the results of the program and the possible ways of development. I introduce a concrete example when I used the program to crack hashes. Then I show some methods to defend against rainbow cracking.