Rainbow table attack is a method of cracking passwords using a rainbow table – a database containing plaintext passwords and hashes that correspond to them.
For security purposes, sites store hashed passwords rather than plaintext. When a user logs in, their plaintext password is translated into a hashed value and compared with the hashes stored by the service. If the hashes match – the user can access their account.
Hackers with access to services’ databases (e.g., from previous attacks) can use rainbow tables to compare hashed values with users’ stolen passwords and figure out their plaintext passwords.
To launch a rainbow table attack, the hacker must have:
While a rainbow table attack can be quick, preparations are not. Computing a rainbow table requires time and a lot of space to store hashes. Passwords are usually acquired in various attacks, such as phishing or breaking into corporate networks.
The most common way to protect oneself against rainbow table attacks is to use salting.
Salting adds a random value to the hash function, which generates unique hashes for passwords. Most modern services use salting, but rainbow table attacks are still launched against outdated applications.
