Rainbow tables

Rainbow tables

Hash Functions and Applications

Published in Jonathan Katz, Yehuda Lindell, Introduction to Modern Cryptography, 2020

The above discussion assumes no preprocessing is done by the attacker. As we have seen in Section 6.4.3, though, preprocessing can be used to generate large tables that enable inversion (even of a random function!) faster than exhaustive search. The tables—called rainbow tables—only need to be generated once, and can be used to recover thousands of passwords in case of a server breach. This is a significant concern in practice: even if a user chooses their password as a random combination of 8 alphanumeric English characters—giving a password space of size N = 628 ≈ 247.6—there is an attack using time and space N2/3 ≈ 232 that will be highly effective at recovering the password. Such attacks are routinely carried out in practice.

Energy-efficient distributed password hash computation on heterogeneous embedded system

View Article

Journal Information

Published in Automatika, 2022

Branimir Pervan, Josip Knezović, Emanuel Guberović

Hashing functions create irreversible password hashes, forcing potential attackers to hash many combinations and try to match them to the values that are stored. Attackers often use precomputed tables with cached outputs of hash functions called rainbow tables [7]. Adding random prefixes or postfixes, called salts, to passwords before applying hash functions invalidates common rainbow tables and makes brute-force attacks less effective, making hashed passwords further secured.

Explore chapters and articles related to this topic

Hash Functions and Applications

Energy-efficient distributed password hash computation on heterogeneous embedded system