What is a rainbow table attack and how does it work?

A rainbow table attack is a form of cyberattack for cracking password hashes that uses a special table consisting of precomputed strings or commonly used passwords and corresponding hashes. A rainbow table attack works on passwords that are hashed — protected by using the hashing method — so let’s look into hashing first.

Hashing is the process of transforming any given key or string of characters (such as a password or username) into another string of characters (a different value, also known as the hash value) to make it unreadable and unusable for cybercriminals. This is done by running the password through a one-way mathematical algorithm called a hash function. Hashed passwords are then stored on the company’s server.

If a company uses hashing, it doesn’t have to store the actual passwords to verify legitimate users. Whenever a user enters a password, it is converted into a hash value, which is then compared to the hash value stored on the company’s servers. If the values match, the user is authenticated and granted access. Unfortunately, hashing algorithms are also vulnerable to attacks such as the rainbow table attack. But how do they work?

Rainbow tables are constructed using chains of hashing and reduction operations. A hash function links plaintexts to their hash values, while the reduction function links hash values to plaintexts.

This whole process has four steps, listed below:

1. Generation. The rainbow table starts with a list of potential passwords and then applies a hash function to each password to generate a list of hashes. The resulting hashes and their corresponding plaintext passwords are stored in the rainbow table.
2. Reduction. The hashes in the rainbow table are further processed using a reduction function to generate a new set of hashes. The reduction function maps each hash to a new value, and the new values are used as the starting point for the next step. This step is repeated multiple times to generate a chain of hashes.
3. Lookup. When a hacker has a list of hashes, they can use the rainbow table to find the corresponding plaintext passwords. They perform a reverse lookup of the hashes in the rainbow table, starting with the last hash in each chain and following the chain of hashes backwards until they find a match with the target hash.
4. Cracking. Once a corresponding hash value is found, it means that the corresponding plaintext password is the original password for the target hash. Now the hacker can take advantage of the authentication process and log in to someone else’s account.

Rainbow tables contain very large sets of strings, which means they require large amounts of storage space, sometimes taking up terabytes. They can also take a long time to generate. However, rainbow table attacks are more efficient than brute-force or dictionary attacks because hashes are checked against a stored hash database, so you don’t need to repeat the hashing process from the beginning each time.

Both rainbow table attacks and dictionary attacks are password-cracking techniques used by hackers to gain access to passwords.

In a dictionary attack, the hacker uses a pre-compiled list of common passwords (popular words and symbols), the “dictionary,” to compare against the hashed passwords. If they find a match, it means the hashed password has been cracked. Dictionary attacks are effective because many people use simple passwords that are easy to guess. These attacks rely on the speed of a computer to try a large number of possible passwords.

In a rainbow table attack, the attacker uses a precomputed table of hashes to look up the plaintext version of a hashed password. Unlike a dictionary attack, where the attacker tries every word in the dictionary until they find a match, a rainbow table attack allows the attacker to quickly find the plaintext password if it exists in the precomputed table. Rainbow tables attacks require less computing power and are much faster than standard dictionary attacks, but they require more time to create and use up more space.

There are several ways how a hacker can gain unauthorized access to hashes and carry out rainbow table attacks:

• They find a company or a web application that uses poor login data hashing techniques and overall security. Having gained access to the database, the attacker steals the stored hashes to use the rainbow table and crack them.
• Attackers identify vulnerabilities in a company’s Active Directory and gain access to the password hashes. Having stolen the hashes, all the attacker has to do is use a rainbow table attack.
• Access to users’ login details can also be gained by carrying out phishing attacks. Once the password hashes end up in the cybercriminal’s hands, there is little you can do, unless the hashes are salted.

Salting is one of the ways to protect your data, but it’s not the only one.

You can prevent rainbow table attacks and protect your data in several ways:

• The salting technique is the most effective against rainbow table attacks. Salting means adding extra random characters to the plaintext password and then hashing it. Adding random “salt” to the passwords ensures that no two passwords share the same hash, which makes the rainbow table attack useless.
• Use secure passwords. Opt for 2FA (two-factor authentication) or biometric authentication where possible because biometric passwords are uncrackable with rainbow tables. Furthermore, never use weak or common passwords or use the same password for multiple accounts.
• Update your hashing algorithms. Cybercriminals look for servers and applications that use obsolete password hashing algorithms, so make sure you are using the latest one. Better yet, use salting with a high salt value.
• Protect your servers. Use the latest security software to protect your servers and monitor for attempts to breach their security.

A widespread use of salting techniques and other more effective password cracking methods have made rainbow table attacks nearly obsolete. Nevertheless, staying alert and taking the abovementioned precautions will help you stay safe against these and other password attacks.