Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1008

Rainbow Table Attack

Reviewed by Cybersecurity entrepreneur & security researcher

What is a Rainbow Table Attack?

Rainbow Table Attack: A precomputation attack that uses chains of hash and reduction functions stored in a compact table to invert unsalted password hashes much faster than brute force.


Rainbow tables encode the result of running an entire candidate password space through a hash function as alternating hash/reduction chains, storing only the chain endpoints. To crack a hash, the attacker reruns the reduction chain until the value matches an endpoint, then walks the chain to recover the password. This makes rainbow tables a space–time tradeoff that defeats unsalted hashes for short passwords almost instantly. They are largely neutralised by per-user random salts and modern memory-hard hashing (Argon2id, bcrypt, scrypt), which is why salted hashing is mandatory in every credible authentication design.
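
The chain mechanics described above, and the effect of a salt on them, as an added example that is not part of the original entry. It is a toy table over a 4-digit PIN keyspace with SHA-1; the keyspace, chain length, reduction function and salt value are all constructed for illustration.

```python
import hashlib

SPACE = 10_000      # toy keyspace: 4-digit PINs (assumption for this demo)
CHAIN_LEN = 50      # hash/reduce steps per chain

def H(pw, salt=b""):
    # Unsalted SHA-1 by default; a salt, when given, is prepended.
    return hashlib.sha1(salt + pw.encode()).digest()

def R(digest, col):
    # Reduction: map a digest back into the keyspace, varied per column.
    return f"{(int.from_bytes(digest[:8], 'big') + col) % SPACE:04d}"

def walk(start):
    # Regenerate a chain, yielding (plaintext, digest) for every column.
    pw = start
    for col in range(CHAIN_LEN):
        d = H(pw)
        yield pw, d
        pw = R(d, col)

def endpoint(d, col):
    # Finish a chain on the assumption that digest d sits in column col.
    for c in range(col, CHAIN_LEN - 1):
        d = H(R(d, c))
    return R(d, CHAIN_LEN - 1)

def build(starts):
    # Only endpoint -> start is stored; the chain interior is discarded.
    table = {}
    for s in starts:
        table.setdefault(endpoint(H(s), 0), s)
    return table

def lookup(target, table):
    # Try every column the target could occupy; rebuild on an endpoint hit.
    for col in reversed(range(CHAIN_LEN)):
        start = table.get(endpoint(target, col))
        if start is not None:
            for pw, d in walk(start):
                if d == target:
                    return pw
    return None

def demo():
    table = build(f"{i:04d}" for i in range(0, SPACE, 25))  # 400 chains
    pin = [pw for pw, _ in walk("0000")][7]   # a PIN that lies on a stored chain
    salt = b"constructed-salt"                # real systems: os.urandom(16) per user
    return pin, lookup(H(pin), table), lookup(H(pin, salt), table)
```

`demo()` returns the chosen PIN, the table's answer for its unsalted hash (the same PIN), and the answer for the salted hash (`None`): the precomputed chains only ever contain unsalted digests, so the salted digest never appears in any of them.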

Examples

  1. Cracking unsalted MD5/SHA-1 password databases with public rainbow tables.

  2. Recovering NTLM hashes for passwords up to a given length using ophcrack tables.

Frequently asked questions

What is a Rainbow Table Attack?

A precomputation attack that uses chains of hash and reduction functions stored in a compact table to invert unsalted password hashes much faster than brute force. It belongs to the Attacks & Threats category of cybersecurity.

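How do you defend against a Rainbow Table Attack?

Defences against a Rainbow Table Attack typically combine technical controls and operational practices. As the full definition above notes, per-user random salts and modern memory-hard hashing (Argon2id, bcrypt, scrypt) largely neutralise it.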

What are other names for Rainbow Table Attack?

Common alternative names include: Time-memory tradeoff.
