Interleaving Cryptanalytic Time-Memory Trade-Offs on Non-uniform Distributions

  • Gildas AvoineEmail author
  • Xavier Carpent
  • Cédric Lauradoux
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9326)


Cryptanalytic time-memory trade-offs (TMTO) are famous tools available in any security expert toolbox. They have been used to break ciphers such as A5/1, but their efficiency to crack passwords made them even more popular in the security community. While symmetric keys are generated randomly according to a uniform distribution, passwords chosen by users are in practice far from being random, as confirmed by recent leakage of databases. Unfortunately, the technique used to build TMTOs is not appropriate to deal with non-uniform distributions. In this paper, we introduce an efficient construction that consists in partitioning the search set into subsets of close densities, and a strategy to explore the TMTOs associated to the subsets based on an interleaved traversal. This approach results in a significant improvement compared to currently used TMTOs. We experimented our approach on a classical problem, namely cracking 7-character NTLM Hash passwords using an alphabet with 34 special characters. This resulted in speedups ranging from 16 to 76 (depending on the input distribution) over rainbow tables, which are considered as the most efficient variant of time-memory trade-offs.



We thank the anonymous reviewers for their constructive comments.

Supplementary material


  1. 1.
    Atom: The Hashcat password cracker (2014).
  2. 2.
    Avoine, G., Carpent, X.: Optimal storage for rainbow tables. In: Lee, H.-S., Han, D.-G. (eds.) ICISC 2013. LNCS, vol. 8565, pp. 144–157. Springer, Heidelberg (2014) Google Scholar
  3. 3.
    Avoine, G., Junod, P., Oechslin, P.: Time-memory trade-offs: false alarm detection using checkpoints. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 183–196. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  4. 4.
    Avoine, G., Junod, P., Oechslin, P.: Characterization and improvement of time-memory trade-off based on perfect tables. ACM Trans. Inf. Syst. Secur. TISSEC 11(4), 1–22 (2008)CrossRefGoogle Scholar
  5. 5.
    Barkan, E., Biham, E., Shamir, A.: Rigorous Bounds on cryptanalytic time/memory tradeoffs. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 1–21. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  6. 6.
    Barkan, E.P.: Cryptanalysis of ciphers and protocols. Ph.D. thesis, Technion - Israel Institute of Technology, Haifa, Israel, March 2006Google Scholar
  7. 7.
    Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: IEEE Symposium on Security and Privacy - S&P 2012, San Francisco, CA, USA. IEEE Computer Society, May 2012Google Scholar
  8. 8.
    Denning, D.: Cryptography and Data Security, p. 100. Addison-Wesley, Boston (1982)zbMATHGoogle Scholar
  9. 9.
    Hellman, M.: A cryptanalytic time-memory trade off. IEEE Trans. Inf. Theory IT 26(4), 401–406 (1980)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Hoch, Y.Z.: Security analysis of generic iterated hash functions. Ph.D. thesis, Weizmann Institute of Science, Rehovot, Israel, August 2009Google Scholar
  11. 11.
    Hong, J., Jeong, K.C., Kwon, E.Y., Lee, I.-S., Ma, D.: Variants of the distinguished point method for cryptanalytic time memory trade-offs. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 131–145. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  12. 12.
    Lee, G.W., Hong, J.: A comparison of perfect table cryptanalytic tradeoff algorithms. Cryptology ePrint Archive, report 2012/540 (2012)Google Scholar
  13. 13.
    Lestringant, P., Oechslin, P., Tissières, C.: Limites des tables rainbow et comment les dépasser en utilisant des méthodes probabilistes optimisées (in French). In: Symposium sur la sécurité des technologies de l’information et des communications - SSTIC, Rennes, France, June 2013Google Scholar
  14. 14.
    Massey, J.L.: Guessing and entropy. In: International Symposium on Information Theory - ISIT 1994, Trondheim, Norway, p. 204. IEEE, June 1994Google Scholar
  15. 15.
    Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: ACM Conference on Computer and Communications Security - CCS 2005, Alexandria, VA, USA, pp. 364–372. ACM, November 2005Google Scholar
  16. 16.
    Oechslin, P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  17. 17.
    Oechslin, P.: The ophcrack password cracker (2014).
  18. 18.
    Peslyak, A.: The John the Ripper password cracker (2014).
  19. 19.
    Russell, S.J., Norvig, P.: Artificial Intelligence: A Modern Approach, vol. 2. Pearson Education, Upper Saddle River (2003) zbMATHGoogle Scholar
  20. 20.
    Shuanglei, Z.: The RainbowCrack project (2014).
  21. 21.
    Standaert, F.-X., Rouvroy, G., Quisquater, J.-J., Legat, J.-D.: A time-memory tradeoff using distinguished points: new analysis & FPGA results. In: Kaliski, B.S., Koç, C.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 593–609. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  • Gildas Avoine
    • 1
    • 2
    Email author
  • Xavier Carpent
    • 3
  • Cédric Lauradoux
    • 4
  1. 1.INSA de Rennes, IRISA UMR 6074RennesFrance
  2. 2.Institut Universitaire de FranceParisFrance
  3. 3.Université Catholique de LouvainLouvain-la-NeuveBelgium
  4. 4.INRIARennesFrance

Personalised recommendations