Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re^4: Creating a rainbow table for a ten-digit number: Advice?

by willyyam (Priest)
on Apr 11, 2010 at 18:47 UTC ( #834118=note: print w/replies, xml ) Need Help??


in reply to Re^3: Creating a rainbow table for a ten-digit number: Advice?
in thread Creating a rainbow table for a ten-digit number: Advice?

What I am trying to prevent is to have a collection of "important" numbers in plaintext on a laptop, which will be moving around geographically and susceptible to theft.

A salted hash is a good way to make sure that these numbers are not stored in plaintext - and it is easy. The issue is that I will eventually, in a secured location without network access, need to reverse this hash (hence a rainbow table).

The laptops are already using full-disk encryption, but this provides only a single layer of defense against exposure - I am thinking about how to add another layer without doubling the number of passphrases to remember (or forget).

  • Comment on Re^4: Creating a rainbow table for a ten-digit number: Advice?

Replies are listed 'Best First'.
Re^5: Creating a rainbow table for a ten-digit number: Advice?
by ikegami (Pope) on Apr 11, 2010 at 19:04 UTC

    What I am trying to prevent is to have a collection of "important" numbers in plaintext on a laptop

    Noone suggested that. We said specifically said to put that information in the secret database, the one "that's under lock and key (of course)".

    You're ok with haveing a secret table that maps public ids to real ids. You were thinking of implementing that table as a rainbow table. All we're suggesting is that you implement that table in a much more straightforward manner:

    work db secret db (laptop) (under lock and key) +-----------+--- +-----------+---------+ | public id | ... | public id | real id | +-----------+--- +-----------+---------+

    The public id would simply be a unique random number. (Safer than a hash, and avoids the problem of collisions.)

    Now, this assumes the database is created before being placed on the laptop, but that's consistent with everything you've told us so far. You can still use the above method if you collect the numbers in the field, but only if the field has access to the a remote service that provides the following function:

    $public_id = get_new_public_for($real_id);

      This is a good solution, save that I am not in constant contact with the people collecting the data, nor their laptops. So, to do this I would require some means of pre-arranging the relationship between "public" and "real" ids.

        I think you may be misuderstanding the Public Key advice.

        1. Back at base, you generate a public/private key pair. (Using say; Crypt::RSA.
        2. You give the public key to the laptop users.
        3. Within the script on the laptop, you use that public key to encrypt the numbers and you store the encrypted data in their DBs.

          You discard the numbers immediately.

        4. When they return to base, you can use the private key to decrypt those databases.

        Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
        "Science is about questioning the status quo. Questioning authority".
        In the absence of evidence, opinion is indistinguishable from prejudice.
Re^5: Creating a rainbow table for a ten-digit number: Advice?
by BrowserUk (Pope) on Apr 11, 2010 at 18:52 UTC

    Do all the laptops have all the important numbers?

    Or just each have one (or a few), and any reversal done (and the DB stored), in your secure location?


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.

      No, I will only be collecting a few hundred or thousand numbers, roughly split between two laptops. Reversal will be in a secure location.

        Okay, so you want to hash the numbers as the are collected in the field, salted with a memorised (manually entered) salt, and store only the hashes. So that should the laptop fall into the wrong hands, the real numbers are irretrievable.

        But then have a set of rainbow tables back at your secure location, built using the memorised salt+hash, that allows you to reverse the hashes.

        Barring that the bad guys torture you/the collectors for the memorised salt and build their own rainbow tables, that seems quite secure. (To me, but I'm no expert!).


        Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
        "Science is about questioning the status quo. Questioning authority".
        In the absence of evidence, opinion is indistinguishable from prejudice.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://834118]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (6)
As of 2019-11-15 20:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Strict and warnings: which comes first?



    Results (84 votes). Check out past polls.

    Notices?