let's just assume a simple non salted hash function, just a plain old $hash = md5($pass)
.
Premises:
Given premise 2., that would mean that the hacker already has control of the database, in which point you have a much bigger problem on your hand.
So, is the point of trying to foil a rainbow table attack simply to protect the retrieval of passwords from an already compromised database/system. Is it that simple or is there something else that I am missing.
I'm already familiar with password hashing techniques, but am just wondering why there is so much hype about rainbow tables. Thanks!
Yes.
Many people use the same password for everything. Compromising the original password (as opposed to simply changing it to something you know) can often give an attacker access to someone's accounts on other services.
Rainbow tables are also much less computationally intensive (simple lookup) than a dictionary attack (which requires hashing) or brute force (which requires a lot more hashing).
Use strong, unique passwords!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With