Can someone explain how to generate rainbow tables? I know there are plenty of programs like Rainbow Crack that can do it, but I'm not looking for a program to do it. I want to know how to do it myself, like if i had no access to a computer except to calculate a hash.

other sites say to chose some random starting points so say i chose "123abc" which results in a md5 hash of 'a906449d5769fa7361d7ecc6aa3f6d28'. now: how do i reduce it properly? i read in one of the explanations that the reduction formulas can be as simple as taking the first 6 number chars. so "906449". do i change that back into ascii and hash it, or hash the hex as ascii?

and how long are the chains? the programs allow for changing the chain length, but how do you chose how long a chain is?

There is no such reduction formula which could map hash to it's input value. As such all reduction formulas *maps* hash to any value randomly, with the hope that at some iteration reduction formula will accidentally point to good password (aka. input to hash). So this is just probabilistic algorithm.
For these reasons I think it is better to use simpler random walk algorithm instead:

``````While Given_hash != string_hash {
string = random_string(required_length)
string_hash = MD5_hash(string) // some hash algorithm
// save string and string_hash to so called rainbow table if you want
// to spam your disk ;) because even for small strings -
// 8 characters - rainbow table is about 1.5 Terabytes of data.
// Are you ready for this ?
}``````

im not talking about an inverse function. like you said, "There is no such reduction formula which could map hash to it's input value". the reduction function is apparently supposed to be some other, very basic one way function that truncates the output somehow, turning it into a new string to hash.

your code is more or less a lookup table, which is too time consuming, and since you are randomly generating strings, duplicates will show up, wasting space

your code is more or less a lookup table, which is too time consuming, and since you are randomly generating strings, duplicates will show up, wasting space

It is not a lookup table, it is random walk algorithm-
http://en.wikipedia.org/wiki/Random_walk

Now about time consumption. How do you know that random walk time consumption will be bigger than any other rainbow table generation schema (including chains method) ?

Now about randomness. Reduction formulas also behaves in random way.
http://en.wikipedia.org/wiki/Rainbow_table
So according to this, even chain method will generate duplicates. Only when duplicate is generated, chain generation will be stopped. But that also means that for being able to detect duplicates - algorithm needs to constantly re-scan all chains for duplicates, because in general duplicate can be found in any chain. So chain method will take time for generating other string + time for chains scan for duplicates.

But lets concentrate on main question here- Is key finding probability is bigger of chain algorithm than same probability of random walk algorithm ?
If not - chain method has no advantages compared to any other random search algorithm.