Rainbow Tables

What are Rainbow Tables?

Rainbow tables are precomputed lookup tables used to reverse unsalted password hashes by matching a stolen hash against previously calculated hash values and their corresponding plaintext candidates.

Examples

  • An attacker steals a database of unsalted password hashes and uses rainbow tables to recover weak passwords much faster than guessing each one from scratch.
  • A legacy system stores passwords with a fast unsalted hash, making rainbow table attacks more practical if the hash database is exposed.

Discover 🔎

When passwords are stored securely, the system is not supposed to keep the plaintext version. Instead, it stores a hash, a transformed value that is used later for verification. That sounds safe at first, but the safety depends heavily on how the hashing is done.

Rainbow tables became important because they showed that hashing alone is not always enough. If attackers can predict how passwords were hashed and if those hashes were stored without extra protection such as salting, they can use precomputed lookup data to reverse many of them far more efficiently than starting fresh each time.

Remember: A rainbow table attack is not about breaking the math of hashing directly. It is about using precomputed results to turn stolen hashes back into likely passwords more efficiently.
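The following Python is an added illustration, not part of the glossary entry: a dictionary of precomputed SHA-256 digests stands in for a rainbow table (real tables compress this with hash chains and reduction functions, which are omitted here), the candidate wordlist and the hash choices are constructed assumptions, and the salted storage uses PBKDF2 with a random per-user salt so the stolen value matches nothing precomputed while the correct password still verifies.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for an attacker's precomputation wordlist.
CANDIDATES = ["password", "letmein", "summer2024", "qwerty", "Tr0ub4dor&3"]
ITERATIONS = 600_000  # PBKDF2 work factor; a real deployment tunes this to its hardware


def build_lookup_table(candidates):
    """Precompute digest -> plaintext once; this is the 'table' an attacker reuses."""
    return {hashlib.sha256(p.encode()).hexdigest(): p for p in candidates}


def lookup(table, stolen_hash):
    """Reverse a stolen digest by lookup instead of recomputing; None if not precomputed."""
    return table.get(stolen_hash)


def store_unsalted(password):
    """Legacy scheme: fast, unsalted hash. Identical passwords give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None):
    """Defensive scheme: random per-user salt plus a slow, purpose-built KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()  # salt is stored alongside, not secret


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo(password="summer2024"):
    """Same password stored both ways; only the unsalted digest is in the precomputed table."""
    table = build_lookup_table(CANDIDATES)
    unsalted = store_unsalted(password)
    salted = store_salted(password)
    return {
        "unsalted_recovered": lookup(table, unsalted),               # found instantly
        "salted_recovered": lookup(table, salted.split("$")[1]),     # nothing matches
        "salted_verifies": verify_salted(password, salted),          # login still works
    }
```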

Summary 📝

Rainbow tables are precomputed cracking aids designed to recover passwords from stolen unsalted hashes more efficiently than brute-force recalculation alone. Their importance lies less in modern-day ubiquity and more in what they taught defenders: hashing without salting is not strong enough for password storage. Proper salting and purpose-built password-hashing algorithms are what make this style of attack far less practical.