Trusted answers to developer questions

What are rainbow tables?

Get Started With Data Science

Learn the fundamentals of Data Science with this free course. Future-proof your career by adding Data Science skills to your toolkit — or prepare to land a job in AI, Machine Learning, or Data Analysis.

Background

In today’s digital world, if a hacker gets access to your account password, a frightening amount of your sensitive data will be at their disposal. To achieve their malicious goals, attackers often use password cracking. However, traditional password cracking techniques can be extremely time-consuming, so attackers quickly realized that with rainbow tables, they could leverage the space-time trade-off to gain authentication more efficiently.

What are rainbow tables?

Rainbow tables are lists of hashes of a large set of strings or plaintext passwords that have already been computed and stored. Since authentication is done based on password hashes, and not the plaintext passwords themselves, rainbow tables enable hackers to gain access without knowing the original password. All they need to do is crack the password hash. Storing hashes of permutations of a large set of strings means that rainbow tables often require storage at the scale of terabytes. However, rainbow table attacks are far more efficient than traditional password cracking as hashes are checked against a stored database. This removes the need for repeated hashing.

svg viewer

How do rainbow tables work?

Rainbow tables are constructed using chains of hashing and reduction operations. A plaintext password is passed through a series of these operations and then stored in the table alongside the output hash as shown in Figure 1.
For password cracking, the password hash is passed through the chain, link by link, and checked against the stored hashes. If there is a match, rainbow tables retrieve the plaintext that produced the hash. Now, the attacker can successfully authenticate.

Figure 1
Figure 1

How to protect against rainbow table attacks

The best-known way of defending against rainbow table attacks is to make them too difficult to execute. Pseudorandom salt techniques serve as an excellent remedy to these attacks. They ensure that a randomly generated piece of data is passed into the hash function alongside the plain text to ensure that no two passwords share the same hash. Doing so increases the possible number of hashes a set of passwords could have, which makes the resulting rainbow table too difficult to construct; thus, preventing the attack.

RELATED TAGS

password
hashing
reduce
encryption
authentication

CONTRIBUTOR

Anusheh Zohair Mustafeez
Copyright ©2024 Educative, Inc. All rights reserved
Keep Exploring
Related Courses

Learn in-demand tech skills in half the time

PRODUCTS

Mock Interview

New

Courses

Skill Paths

Projects

Assessments

TRENDING TOPICS

Learn to Code

Tech Interview Prep

Generative AI

Data Science

Machine Learning

GitHub Students Scholarship

Early Access Courses

Pricing

For Individuals

Try for Free

Gift a Subscription

CONTRIBUTE

Become an Author

Become an Affiliate

Earn Referral Credits

RESOURCES

Blog

Cheatsheets

Webinars

Answers

ABOUT US

Our Team

Careers

Hiring

Frequently Asked Questions

Contact Us

Press

LEGAL

Privacy Policy

Cookie Policy

Terms of Service

Business Terms of Service

Data Processing Agreement

Copyright ©2024 Educative, Inc. All rights reserved.

soc2
Did you find this helpful?