Rainbow Table Attacks Explained
Learn how rainbow table attacks use precomputed hash chains to crack passwords instantly. Understand why salting defeats rainbow tables and how modern hashing algorithms provide built-in protection.
Detailed Explanation
What Are Rainbow Tables?
A rainbow table is a precomputed lookup table that maps hash values back to their original plaintext passwords. Instead of computing hashes during the attack, the attacker builds (or downloads) a table in advance, then looks up any captured hash to find the corresponding password almost instantly.
How They Work
Rainbow tables use a time-memory tradeoff technique:
- Chain generation: start with a candidate password, hash it, apply a "reduction function" that maps the hash back into the password space to produce a new candidate, hash again, and repeat thousands of times. Store only the start and end of each chain; every intermediate password can be recomputed from the start.
- Lookup: given a target hash, assume it sits at some position in a chain: apply the reduction function and hash forward from there to where that chain would end. If the value reached matches a stored endpoint, walk that chain from its start point until you reach the password whose hash equals the target.

```
Chain: pass1 → [hash → reduce] → pass2 → [hash → reduce] → pass3 → ... → passN
Store: pass1 (start) ←→ passN (end)
```
Rainbow Table Sizes
| Character Set | Max Length | Table Size | Coverage |
|---|---|---|---|
| Lowercase | 8 chars | ~100 GB | ~99.9% |
| Alphanumeric | 8 chars | ~500 GB | ~99.9% |
| Full ASCII | 7 chars | ~1 TB | ~99.9% |
| Full ASCII | 9 chars | ~100 TB | partial |
Tables for common configurations are freely available online. An attacker with a 1 TB drive can crack almost any unsalted 8-character password in seconds.
Why Salting Defeats Rainbow Tables
A salt is a random value added to each password before hashing:

```
hash = H(salt + password)
```
With a unique 16-byte salt per user, an attacker would need a separate rainbow table for each salt — making precomputation infeasible. A single rainbow table covering 8-character passwords becomes useless because it was built without the salt.
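The chain generation and lookup described under "How They Work", and the effect of salting described just above, can be seen end to end in a toy implementation. The following Python is an added example written for this page, not code from any rainbow-table tool: it builds a tiny table over four-letter lowercase passwords hashed with unsalted MD5, recovers a password from its hash by walking a chain, and then shows that the same table finds nothing for `H(salt + password)`. The keyspace, chain length, number of chains, the `i * 7919` start-point spacing and the 16-byte salt are all constructed parameters for the demonstration.

```python
import hashlib
import string
from collections import defaultdict
from typing import Dict, List, Optional

# Toy parameters, constructed for this example. Real tables cover far larger
# keyspaces with millions of chains; the mechanism is identical.
ALPHABET = string.ascii_lowercase
PW_LEN = 4                              # keyspace of 26**4 = 456,976 passwords
KEYSPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 100                         # hash/reduce steps per chain
NUM_CHAINS = 2000                       # (start, end) pairs kept on disk


def H(password: str) -> bytes:
    """Unsalted MD5: the kind of legacy hash a rainbow table is built against."""
    return hashlib.md5(password.encode()).digest()


def index_to_password(n: int) -> str:
    """Map an integer in [0, KEYSPACE) to a fixed-length lowercase password."""
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_hash(digest: bytes, position: int) -> str:
    """Reduction function R_i: map a hash back into the password keyspace.
    Mixing in the column position is what makes the table a *rainbow* table:
    each column uses a different R_i, so two chains only merge if they collide
    in the same column, not anywhere along their length."""
    n = int.from_bytes(digest[:8], "big") + position
    return index_to_password(n % KEYSPACE)


def build_table() -> Dict[str, List[str]]:
    """Chain generation: compute every chain but keep only endpoint -> starts.
    A list of starts is kept per endpoint because distinct chains can merge."""
    table: Dict[str, List[str]] = defaultdict(list)
    for i in range(NUM_CHAINS):
        start = index_to_password((i * 7919) % KEYSPACE)   # spread-out starts (constructed)
        p = start
        for col in range(CHAIN_LEN):
            p = reduce_hash(H(p), col)
        table[p].append(start)
    return dict(table)


def lookup(table: Dict[str, List[str]], target: bytes) -> Optional[str]:
    """Recover the plaintext for `target` without hashing the whole keyspace."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target is the hash in column `col` of some chain.
        # Finish that chain from there and see whether its endpoint is stored.
        p = reduce_hash(target, col)
        for later in range(col + 1, CHAIN_LEN):
            p = reduce_hash(H(p), later)
        for start in table.get(p, ()):
            # Endpoint hit: walk the chain from its start to find the preimage.
            q = start
            for step in range(CHAIN_LEN):
                if H(q) == target:
                    return q
                q = reduce_hash(H(q), step)
            # A false alarm (another chain sharing this endpoint) falls through
            # to the next stored start or the next column hypothesis.
    return None


def salted_hash(salt: bytes, password: str) -> bytes:
    """Same MD5, but with a per-user salt prepended: H(salt + password)."""
    return hashlib.md5(salt + password.encode()).digest()


if __name__ == "__main__":
    table = build_table()
    victim = reduce_hash(H("aaaa"), 0)      # a password known to sit inside chain 0
    print("unsalted lookup:", lookup(table, H(victim)))
    salt = bytes(range(16))                 # constructed 16-byte salt
    print("salted lookup:  ", lookup(table, salted_hash(salt, victim)))
```

The table stores 2,000 short strings yet answers a lookup with a few thousand hash operations instead of the 456,976 a brute-force pass would need; that is the time-memory tradeoff. The salted lookup returns `None` because the stored endpoints were derived from `H(password)`, and no chain was ever built for `H(salt + password)`; a fresh table would be needed for every distinct salt.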
Modern Defenses
Modern password hashing algorithms include salting by design:
- bcrypt: generates a 16-byte random salt automatically
- Argon2id: requires a salt parameter (typically 16 bytes)
- scrypt: includes salt in its specification
These algorithms also use key stretching — deliberately slow computation that makes both brute-force and rainbow table attacks impractical.
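As an added example of the salted, stretched hashing this section recommends (written for this page, not taken from any library's documentation), the Python below uses the standard library's `hashlib.scrypt`, one of the three algorithms listed. It generates a fresh 16-byte random salt per password, stores the salt and work factors alongside the derived key in a self-describing record, verifies in constant time, and includes a helper that shows what goes wrong when a salt is reused. The `scrypt$N$r$p$salt$key` record layout and the work factors N=2^14, r=8, p=1 are assumptions for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Work factors assumed for this example; raise N as hardware allows.
# scrypt needs 128 * r * N bytes of memory: 16 MiB with these values.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16          # one fresh random salt per stored password
DK_LEN = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$<salt hex>$<key hex>.
    In production the salt is always generated here; the optional parameter
    exists only so the example can demonstrate the effect of salt reuse."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DK_LEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the key with the salt and parameters kept in the record and
    compare in constant time, so a mismatch leaks nothing through timing."""
    try:
        algo, n, r, p, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False                      # malformed record
    if algo != "scrypt":
        return False
    salt = bytes.fromhex(salt_hex)
    expected = bytes.fromhex(dk_hex)
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=int(n), r=int(r), p=int(p), dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def same_password_same_record(password: str, salt: Optional[bytes] = None) -> bool:
    """Hash one password twice and report whether the two records are equal.
    With fresh salts (salt=None) they never are, so a table precomputed for
    one user's salt says nothing about any other user. With a reused salt
    they are identical: equal records reveal equal passwords, and a single
    table built for that salt covers everyone who shares it."""
    return hash_password(password, salt) == hash_password(password, salt)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("wrong password", record))
    print("fresh salts collide:", same_password_same_record("hunter2"))
    print("reused salt collides:", same_password_same_record("hunter2", b"\x00" * 16))
```

Storing N, r and p in the record lets the work factors be raised later without invalidating existing hashes: old records keep verifying with their own parameters and are re-hashed at the user's next successful login.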
Are Rainbow Tables Still Relevant?
Rainbow tables remain a serious threat when:
- Legacy systems use unsalted MD5 or SHA-1 hashes
- Applications implement hashing incorrectly (reusing salts, using short salts)
- Databases from old breaches surface with unsalted hashes
They are not a threat when modern algorithms with proper salting are used. However, understanding rainbow tables is essential for evaluating legacy systems and ensuring new implementations avoid the same mistakes.
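The three conditions listed above (unsalted MD5/SHA-1, reused or short salts, old dumps) can be checked mechanically over a credential table. The Python below is an added example for this page, not a tool the page describes: it classifies each stored hash by format, flags bare hex digests as unsalted, flags salts shorter than 8 bytes and salts shared between users, and treats bcrypt and Argon2 records as acceptable. The sample rows are constructed; the `md5$<salt hex>$<digest hex>` legacy layout, the 8-byte minimum and the bcrypt- and Argon2-shaped placeholder strings are assumptions for the example.

```python
import hashlib
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Minimum salt length accepted by this audit (assumption; bcrypt and Argon2id
# use 16 bytes, as noted above).
MIN_SALT_BYTES = 8

# A bare hex digest of one of these lengths is, in practice, an unsalted
# MD5 / SHA-1 / SHA-256 hash: one downloaded table covers every such row.
UNSALTED_BY_LEN = {32: "unsalted-md5", 40: "unsalted-sha1", 64: "unsalted-sha256"}
# Legacy salted layout assumed for this example: "<algo>$<salt hex>$<digest hex>".
LEGACY_SALTED = re.compile(r"^(md5|sha1)\$([0-9a-f]+)\$[0-9a-f]+$")
# Modular-crypt prefixes of bcrypt ($2a$/$2b$/$2y$) and Argon2 records.
MODERN = re.compile(r"^\$(2[aby]\$\d{2}|argon2(?:id|i|d))\$")


def _legacy_salted_md5(salt: bytes, password: str) -> str:
    """Build a row in the assumed legacy layout (for constructing samples)."""
    return f"md5${salt.hex()}${hashlib.md5(salt + password.encode()).hexdigest()}"


# Constructed sample in the shape of a users table: (username, stored hash).
SAMPLE_ROWS: List[Tuple[str, str]] = [
    ("alice", hashlib.md5(b"password").hexdigest()),             # unsalted MD5
    ("bob",   hashlib.sha1(b"letmein").hexdigest()),              # unsalted SHA-1
    ("carol", _legacy_salted_md5(b"\x01\x02", "hunter2")),        # 2-byte salt
    ("dave",  _legacy_salted_md5(b"\x00" * 16, "qwerty")),        # 16-byte salt ...
    ("erin",  _legacy_salted_md5(b"\x00" * 16, "qwerty")),        # ... reused by erin
    ("frank", "$2b$12$" + "x" * 53),                               # bcrypt-shaped placeholder
    ("grace", "$argon2id$v=19$m=65536,t=3,p=4$" + "y" * 22 + "$" + "z" * 43),  # Argon2id-shaped placeholder
]


def audit(rows: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Return {username: [findings]} for a dump of (username, stored hash) rows."""
    findings: Dict[str, List[str]] = {}
    users_by_salt: Dict[str, List[str]] = defaultdict(list)
    for user, stored in rows:
        tags: List[str] = []
        if re.fullmatch(r"[0-9a-f]+", stored) and len(stored) in UNSALTED_BY_LEN:
            tags.append(UNSALTED_BY_LEN[len(stored)])
        elif (m := LEGACY_SALTED.match(stored)):
            salt_hex = m.group(2)
            if len(salt_hex) // 2 < MIN_SALT_BYTES:
                tags.append("short-salt")       # few enough salts to precompute per salt
            users_by_salt[salt_hex].append(user)
            tags.append("fast-hash")            # salted, but no key stretching
        elif MODERN.match(stored):
            tags.append("ok")
        else:
            tags.append("unknown-format")
        findings[user] = tags
    # A salt shared by several users lets one table crack all of them.
    for salt_hex, users in users_by_salt.items():
        if len(users) > 1:
            for user in users:
                findings[user].append("reused-salt")
    return findings


def summarize(findings: Dict[str, List[str]]) -> Counter:
    """Count findings across all users, for a one-line report to stakeholders."""
    return Counter(tag for tags in findings.values() for tag in tags)


if __name__ == "__main__":
    result = audit(SAMPLE_ROWS)
    for user, tags in result.items():
        print(f"{user:6} {', '.join(tags)}")
    print(summarize(result))
```

Rows tagged `unsalted-*` are the ones a downloaded table cracks outright; `short-salt` and `reused-salt` rows are the "implemented incorrectly" case, where the salt exists but does not force a separate table per user. Rows tagged only `fast-hash` are safe from precomputed tables but still lack the key stretching that bcrypt, Argon2id and scrypt provide, so they belong on the same migration list.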
Use Case
Rainbow table knowledge is essential for security professionals auditing legacy systems, developers migrating from MD5/SHA-1 to bcrypt/Argon2id, and database administrators who need to assess whether their stored credentials are vulnerable. It also helps explain to stakeholders why hash algorithm upgrades are a security priority.