A rainbow table attack is a form of password cracking in which an attacker uses a precomputed rainbow table to recover the plaintext passwords behind the hashes stored in a database. A rainbow table holds precomputed hash values for a very large number of candidate passwords, so a stored hash can be matched back to the password that produced it.

Cybercriminals favor rainbow table attacks over other types of attacks, such as dictionary and brute-force attacks, because the precomputed table lets them crack passwords faster.

What makes a rainbow table attack attractive to hackers? Let’s look at how a rainbow table attack works.

In general, sensitive data such as passwords are not stored in plain text; they are passed through a hash function, sometimes repeatedly, before being stored, to limit the damage of theft. A rainbow table attack succeeds when the attacker’s table was built with the same hash function, used without a salt, that protects the stored passwords.

When someone creates an account, his or her password is automatically saved in the database in hashed form. When the user later attempts to log in, the submitted password is hashed and the result is compared with the hash stored in the database. If they match, the user can log in to his or her account.

The danger emerges when a hacker obtains the stored hashes and has a rainbow table built for the hash function that produced them. All the attacker needs to do is look each stored hash up in the rainbow table to recover the passwords in storage.

How to Prevent a Rainbow Table Attack

Experts believe that the most effective way of combating rainbow table attacks is password salting. The process involves adding a “salt”, a piece of random data, to each password before it is hashed. That way, each hash becomes unique for each user. Even reused passwords are safer from hacking, since each copy has different random data mixed in. So, even if a hacker has a rainbow table for the hash function in use, the salted hashes would not match its entries.

Note, however, that several guidelines must be followed for password salting to be effective. Here are some of them:

  • The salt must not be too short. A short salt has only a few possible values, so any hacker with enough storage can still precompute a table for every one of them.
  • Usernames must not be used as salts, as these are easy to acquire.
  • Never use outdated hashing algorithms for password storage, since they are now easy to crack.
  • Do not use a fixed salt, that is, the same salt for every hashed password. That would be very ineffective, especially for reused passwords: if a hacker guesses one, he or she also unlocks every other account with the same password.
  • Do not reuse passwords, for the same reason cited above.
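The following added example (not code from the original page) shows why salting defeats a precomputed table. It builds a tiny constructed "table" of unsalted SHA-256 hashes standing in for a rainbow table, shows that an unsalted stored hash is matched instantly, and then hashes the same password with a fresh random salt and a work factor (PBKDF2-HMAC-SHA256, an assumed choice) so that the table lookup fails and two users with the same password get different hashes. The candidate passwords and user names are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample: a tiny precomputed hash -> password table built over
# unsalted SHA-256. A real rainbow table covers vastly more candidates.
CANDIDATES = ["password", "letmein", "qwerty123"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in CANDIDATES}


def lookup_in_table(stored_hash: str) -> Optional[str]:
    """Reverse a stored hash by table lookup; None if the table has no entry."""
    return PRECOMPUTED.get(stored_hash)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Hash a password with a per-user random salt and a work factor.

    A fresh 16-byte salt is drawn from os.urandom unless one is supplied
    (supplying it is only for verifying an existing record).
    """
    if salt is None:
        salt = os.urandom(16)
    # PBKDF2-HMAC-SHA256 with 100k iterations: salted, and slow per guess.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest.hex()


def verify_password(password: str, salt: bytes, stored_hex: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_hex)


def demo() -> dict:
    """Unsalted storage falls to the table; salted storage does not."""
    unsalted = hashlib.sha256(b"password").hexdigest()   # how NOT to store it
    salt_alice, hash_alice = hash_password("password")   # two users, same password
    salt_bob, hash_bob = hash_password("password")
    return {
        "unsalted_recovered": lookup_in_table(unsalted),      # 'password'
        "salted_in_table": lookup_in_table(hash_alice),       # None
        "same_password_same_hash": hash_alice == hash_bob,    # False
        "verify_ok": verify_password("password", salt_alice, hash_alice),
        "verify_wrong": verify_password("Password", salt_alice, hash_alice),
    }
```

Replacing os.urandom with a fixed salt makes `same_password_same_hash` True, which is the fixed-salt weakness described in the guidelines above.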