What are Rainbow Tables?

Rainbow tables are a very interesting method for hackers to ‘crack’ passwords. Instead of relying on CPU power to crack passwords, the rainbow table method favors storage ability over computational power. I’ll give an example.

Let’s say your password is ILoveCyberSelfDefense.
For the sake of convenience, let’s say the algorithm used to hash the password is MD5. The attacker retrieves the MD5 hash of the password, which is:

8601e7f0544ec7b2b64723ab8a583541

This isn’t usable yet to the attacker, so they will need to do one of two things. They can either make the computer attempt a brute-force attack on the password, or they can check for an entry in an MD5 rainbow table. The user would input the above MD5 hash in the search. If there is a result, it will pop up almost instantly. Otherwise, the user is out of luck and could try a brute-force attempt.

So what is the catch? A computer still has to generate every entry in the rainbow table ahead of time, and that takes time and a TON of storage space. So like everything else in this business, it’s a trade-off. Do we want to save a ton of storage space and spend the time cracking each hash, or do we want to get the answer instantly, but have a hard drive or two with stored passwords?
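The storage-for-computation trade-off described above, as an added example that is not from the original post: it goes beyond the plain hash lookup in the text and builds a toy chain-based rainbow table that stores only chain endpoints, then shows that a salted hash of the same value misses the table. The 4-digit PIN keyspace, the chain parameters, the function names and the salt string are assumptions chosen so it runs in seconds.

```python
import hashlib

DIGITS = 4        # toy keyspace (assumption): 4-digit PINs, 10,000 candidates
CHAIN_LEN = 100   # hash/reduce steps per chain
N_CHAINS = 400    # chains computed; only (endpoint, start) pairs are stored

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def reduce_to_pin(digest: str, column: int) -> str:
    """Map a digest back into the keyspace; differs per column to limit merges."""
    return f"{(int(digest, 16) + column) % 10**DIGITS:0{DIGITS}d}"

def walk(plain: str, start_col: int = 0):
    """Yield each plaintext visited from start_col through the chain endpoint."""
    for col in range(start_col, CHAIN_LEN):
        yield plain
        plain = reduce_to_pin(md5_hex(plain), col)
    yield plain

def build_table() -> dict:
    """Precompute every chain, but keep only endpoint -> [start, ...]."""
    table = {}
    for i in range(N_CHAINS):
        start = f"{i * 25:0{DIGITS}d}"
        *_, end = walk(start)
        table.setdefault(end, []).append(start)
    return table

def lookup(table: dict, target: str):
    """Guess the target's column, finish the chain, replay matching chains."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        *_, end = walk(reduce_to_pin(target, col), col + 1)
        for start in table.get(end, []):   # may be a false alarm; verify below
            for plain in walk(start):
                if md5_hex(plain) == target:
                    return plain
    return None

if __name__ == "__main__":
    table = build_table()
    pin = list(walk("0025"))[40]   # a PIN known to sit inside a stored chain
    print(len(table), "endpoints stored for a keyspace of", 10**DIGITS)
    print("unsalted MD5:", lookup(table, md5_hex(pin)))
    # Constructed salt: the precomputed chains never contain salted inputs.
    print("salted MD5:  ", lookup(table, md5_hex("constructed-salt:" + pin)))
```

Longer chains shrink the stored table and lengthen each lookup; shorter chains do the opposite, which is the dial between brute force and a full lookup list.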


7 thoughts on “What are Rainbow Tables?”

  1. Rainbow tables are very efficient at cracking hashed passwords, are commonly used for attacks on MD5, and replace brute forcing almost entirely. It is scary to think how hashes that are commonly used and that were designed to protect now can be cracked within seconds.

  2. To protect yourself from these attacks you could always use a more secure encryption method. Currently 3 quantum key distribution networks (DARPA, SECOQC, and the Tokyo QKD Network) have already been implemented to further advancements in utilizing quantum cryptography as a practical solution to encryption needs.

  3. Seems like it would be a very fast way of cracking passwords; however, it would need to be a very important job/attack to warrant that much data to be stored for one crack. Either that or the attacker would be doing multiple attacks to merit that much data.

  4. I personally would not be up for storing hard drives’ worth of passwords without this being a highly important job. Obviously if it’s your work you want to get the job done as quickly as your employer says you should, but if it is on your own personal computer the disk space isn’t a worthy trade-off for the speed.
