Misplaced Pages

Rainbow table

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

This is an old revision of this page, as edited by Remuel (talk | contribs) at 21:14, 11 August 2005 (sorted stub). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 21:14, 11 August 2005 by Remuel (talk | contribs) (sorted stub)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

Rainbow Tables

A rainbow table is a one-way hash cracking method created by Philippe Oechslin that uses a faster time-memory trade-off technique . Lists of hashed passwords are pre-generated into files with a utility (rtgen) that allows for hashes to be cracked in a short period of time, generally less than a minute. Tables are hash specific, e.g. MD5 tables can only crack MD5 hashes.

Defense against Rainbow Tables

A rainbow table is essentially worthless against one-way hashes that include tokens (or salts, in the case of 56-bit DES). For example, if a password hash is generated using the following function (where "." is the concatenation operator):

hash = md5sum(password . token)

...a password cracker would have to generate both every possible token for every possible password -- a rainbow table would not give any benefit. However, if a password hash is generated using the following function:

hash = md5sum(password)

...a password cracker may benefit from a rainbow table.


Nearly all distributions and variations of UNIX, Linux, and BSD use one-way hashes and salts, though many PHP web applications use regular MD5.

External Links

Stub icon

This computing article is a stub. You can help Misplaced Pages by expanding it.

Category: