Making a Higher Hit Ratio Cryptanalytic Time-Memory Trade-Off Attack on Passwords

Most of implementations of the cryptanalytic time-memory trade-off attacks such as Hellman's original method, Rivest's distinguished points cracking and Oechslin's rainbow attack are also considered as an exhaustive attack to passwords in a limited length range on a certain charset. However, the distributions of structures and strings making up real human memorable passwords do not appear random. Based upon these, we propose a method to generate passwords in those cryptanalytic timememory trade-off methods. It achieves a higher hit ratio in attacking actual passwords and reduces search space drastically with requirement of only a little extra memory. It makes time-memory trade-off more practical. Even to attack long length passwords, the results of experiments show that our approach has a higher hit ratio compared with Oechslin's method. In addition, this method can be used in the distributed and parallel attack.