Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What exactly is a rainbow attack? [closed]

I was reading a few articles on salts and password hashes and a few people were mentioning rainbow attacks. What exactly is a rainbow attack and what are the best methods to prevent it?

like image 638
Dusty Avatar asked Jun 18 '09 13:06

Dusty


People also ask

What is a rainbow table attack how can IT be prevented?

This is when hackers use a pre-computed table of hash values that are pre-matched to possible plain text passwords. It allows hackers to reverse the hashing function to determine the password. A rainbow table attack can crack passwords faster than other techniques, like brute force and dictionary attacks.

What type of attack is a rainbow attack?

A rainbow table attack is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database.

What is Rainbow Crack used for?

RainbowCrack is a computer program which generates rainbow tables to be used in password cracking. RainbowCrack differs from "conventional" brute force crackers in that it uses large pre-computed tables called rainbow tables to reduce the length of time needed to crack a password drastically.

What is the difference between a dictionary attack and a rainbow table attack?

Rainbow table attacks are similar to dictionary attacks, but they use a rainbow table instead of a word list. Rainbow tables are pre-computed listings. Although these are similar to dictionary attacks, they need less computing power.

What is a rainbow table attack?

A rainbow table attack is a password cracking method that uses a special table (a “rainbow table”) to crack the password hashes in a database. Applications don’t store passwords in plaintext, but instead encrypt passwords using hashes.

What is a rainbow table in cryptography?

A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database. Sensitive data are hashed twice (or more times) with the same or with different keys in order to avoid rainbow table attacks. A password database usually generates a key for a rainbow table and encrypts a password before storing it.

How can I protect my password from a rainbow table attack?

The best protection against this kind of attack is to use a salt (random characters) in your password. i.e. instead of storing md5 (password), store md5 (password + salt), or even better md5 (salt + md5 (password)). Since even with rainbow tables, it is going to be near impossible to store all possible salted hashes.

What is the difference between Rainbow tables and other dictionaries?

The difference between Rainbow Tables and other dictionaries is simply in the method how the entries are stored. The Rainbow table is optimized for hashes and passwords, and thus achieves great space optimization while still maintaining good look-up speed. But in essence, it's just a dictionary.


2 Answers

The wikipedia article is a bit difficult to understand. In a nutshell, you can think of a Rainbow Table as a large dictionary with pre-calculated hashes and the passwords from which they were calculated.

The difference between Rainbow Tables and other dictionaries is simply in the method how the entries are stored. The Rainbow table is optimized for hashes and passwords, and thus achieves great space optimization while still maintaining good look-up speed. But in essence, it's just a dictionary.

When an attacker steals a long list of password hashes from you, he can quickly check if any of them are in the Rainbow Table. For those that are, the Rainbow Table will also contain what string they were hashed from.

Of course, there are just too many hashes to store them all in a Rainbow Table. So if a hash is not in the particular table, the hacker is out of luck. But if your users use simple english words and you have hashed them just once, there is a large possibility that a good Rainbow Table will contain the password.

like image 195
Vilx- Avatar answered Sep 19 '22 15:09

Vilx-


It's when somebody uses a Rainbow table to crack passwords.

If you are worried about this, you should use Salt. There is also a Stack Overlow question that might help you understand salt a little better than Wikipedia...

like image 26
Zifre Avatar answered Sep 21 '22 15:09

Zifre