Attacks & Threats
Rainbow Table Attack
Also known as: Time-memory tradeoff
Definition
A precomputation attack that uses chains of hash and reduction functions stored in a compact table to invert unsalted password hashes much faster than brute force.
Examples
- Cracking unsalted MD5/SHA-1 password databases with public rainbow tables.
- Recovering NTLM hashes for passwords up to a given length using ophcrack tables.
Related terms
Dictionary Attack
A targeted password-guessing attack that tries entries from a precompiled list of likely words, leaked passwords, and rule-mutated variations.
Brute Force Attack
An attack that systematically tries every possible value — typically passwords, PINs, or keys — until the correct one is found.
Credential Stuffing
An automated attack that replays large lists of username/password pairs leaked from one service against other services, exploiting password reuse to take over accounts.
Salt
A unique random value combined with a password before hashing to defeat rainbow tables and ensure each user's hash is distinct.
Argon2
A modern memory-hard password hashing function and KDF, winner of the 2015 Password Hashing Competition and specified in RFC 9106.
Cryptographic Hash Function
A deterministic one-way function that maps arbitrary-length input to a fixed-length digest, designed to be collision-, preimage-, and second-preimage-resistant.
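Added example (not part of the original glossary entry), illustrating the Salt and Argon2 entries above: identical passwords stored as unsalted SHA-1 share one digest and match a precomputed table, while per-user salts with a memory-hard KDF do not. Assumptions: `hashlib.scrypt` from Python's standard library stands in for Argon2, and the account names, passwords, and helper names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users chose the same password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qv!pLw2"}
COMMON = ("sunshine1", "letmein")  # constructed list used for precomputation

def unsalted_sha1(password):
    """Weak scheme from the Examples list: a bare, unsalted digest."""
    return hashlib.sha1(password.encode()).hexdigest()

def kdf(password, salt):
    """Memory-hard KDF (scrypt here; an assumption standing in for Argon2)."""
    return hashlib.scrypt(password.encode(), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)

def new_record(password):
    """Create a stored record: a fresh 16-byte random salt and the digest."""
    salt = os.urandom(16)
    return salt, kdf(password, salt)

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(kdf(password, salt), expected)

def table_hits(table, stored):
    """Users whose stored digest appears in a precomputed digest table."""
    return sorted(user for user, digest in stored.items() if digest in table)

def demo():
    # Precomputation happens before the per-user salts exist, so a table
    # for the salted scheme has to assume some fixed salt (all zeros here).
    weak_table = {unsalted_sha1(p) for p in COMMON}
    fixed_salt_table = {kdf(p, bytes(16)) for p in COMMON}

    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    records = {u: new_record(p) for u, p in USERS.items()}
    strong = {u: digest for u, (_, digest) in records.items()}

    return {
        "weak_hits": table_hits(weak_table, weak),
        "weak_duplicates": weak["alice"] == weak["bob"],
        "strong_hits": table_hits(fixed_salt_table, strong),
        "strong_duplicates": strong["alice"] == strong["bob"],
        "login_ok": verify("sunshine1", *records["alice"]),
        "wrong_password_ok": verify("letmein", *records["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```

Duplicate digests across accounts in a credential store are a quick sign that passwords were hashed without a per-user salt.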