Rainbow tables are a very interesting method for hackers to ‘crack’ passwords. Instead of relying on CPU power to crack passwords, the rainbow table method favors storage ability over computational power. I’ll give an example.
Let’s say your password is ILoveCyberSelfDefense.
For the sake of convenience, let’s say the algorithm used to hash the password is MD5. The attacker retrieves the MD5 hash of the password, which is:
This isn’t usable yet to the attacker, so they will need to do one of two things. They can either make the computer attempt a brute-force attack on the password, or they can check for an entry in an MD5 rainbow table. The attacker would enter the above MD5 hash into the search. If there is a result, it will pop up almost instantly. Otherwise, the attacker is out of luck and could try a brute-force attempt.
So what is the catch? A computer still has to generate every entry in the rainbow table ahead of time, and that takes time and a TON of storage space. So like everything else in this business, it’s a trade-off. Do we want to spend a ton of time computing each crack from scratch, or do we want to get the answer instantly, but have a hard drive or two with stored passwords?
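The trade-off described above, as an added example that is not part of the original post: a toy table over a constructed keyspace of 4-digit PINs. It goes one step beyond the plain lookup list in the text by storing only the first and last entry of each hash chain, which is how rainbow tables shrink storage at the cost of some computation per lookup. The function names, keyspace, chain length and salt value are assumptions chosen for illustration.

```python
import hashlib
from typing import Optional

KEYSPACE = 10_000   # constructed toy keyspace: 4-digit PINs "0000".."9999"
CHAIN_LEN = 50      # hash/reduce steps per chain (assumed parameter)

def md5_hex(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()

def reduce_hash(digest: str, step: int) -> str:
    # Map a digest back into the keyspace; a different mapping at every step.
    return f"{(int(digest, 16) + step) % KEYSPACE:04d}"

def chain(start: str) -> list:
    # p0 -> hash -> reduce -> p1 -> ... ; returns [p0, ..., p_CHAIN_LEN].
    pws = [start]
    for step in range(CHAIN_LEN):
        pws.append(reduce_hash(md5_hex(pws[-1]), step))
    return pws

def build_table(n_chains: int) -> dict:
    # Storage cost: one (end -> starts) entry per chain, not every password/hash pair.
    table = {}
    for i in range(n_chains):
        start = f"{i:04d}"
        table.setdefault(chain(start)[-1], []).append(start)
    return table

def lookup(table: dict, target: str) -> Optional[str]:
    # Compute cost: assume the target sits at position k, walk to the chain end,
    # and on a hit regenerate that chain to confirm (false alarms are possible).
    for k in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_hash(target, k)
        for step in range(k + 1, CHAIN_LEN):
            pw = reduce_hash(md5_hex(pw), step)
        for start in table.get(pw, []):
            for cand in chain(start)[:-1]:
                if md5_hex(cand) == target:
                    return cand
    return None   # not covered by the table: only brute force remains

if __name__ == "__main__":
    table = build_table(400)
    covered = {p for i in range(400) for p in chain(f"{i:04d}")[:-1]}
    print(f"stored chains: 400, distinct PINs covered: {len(covered)}")
    print("unsalted:", lookup(table, md5_hex("0007")))
    salted = hashlib.md5(b"constructed-salt" + b"0007").hexdigest()
    print("salted:  ", lookup(table, salted))   # None: table was built for bare MD5
```

The salted lookup misses because the table was precomputed for bare MD5 of the PIN; a per-password salt forces the whole table to be rebuilt for each salt value.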