What is a rainbow table attack and how to prevent it? | Proton
In this article, we explore how rainbow table attacks work and discuss ways to prevent them.
Rainbow table attack definition
A rainbow table attack is a cryptographic attack hackers use to break into systems by figuring out passwords from their hashes, which act as digital fingerprints. A hash function maps each password to a corresponding string of characters.
Unlike a brute-force attack that tries every possible password one by one, a rainbow table attack doesn’t require guesswork once the table is precomputed. This precomputed table (known as a rainbow table because of the way it looks if color-coded) is essentially a large database of hash value pairs linked to their plaintext counterparts.
How a rainbow table password attack works
1. Creating a list of passwords
When creating rainbow tables, hackers often target the most likely and commonly used passwords with simple patterns (for example, 123456, password, or qwerty), dictionary words, or password dumps obtained from data breaches.
2. Selecting the hash function and converting the passwords
Rainbow table attacks work well with simpler, faster cryptographic hash functions like MD5, SHA-1, LM Hash, or NTLM Hash since they don’t use security features like salting (adding random data to each password before hashing) or key stretching (repeatedly hashing the password).
Password hashed with MD5: 482c811da5d5b4bc6d497ffa98491e38
Plaintext password: password123
Each plaintext password runs through the hash function to generate its corresponding hash, which is a unique, fixed-size string of characters as in the example above. Once all passwords are hashed, the hacker can use them to create the rainbow table.
3. Creating the rainbow table to reveal passwords
A rainbow table can be seen as a big Excel sheet, with hashed passwords in the first column and plaintext passwords in the second. If a breached hash is present in this table, that means the breached password is the cell next to it.
Rainbow table attack examples
Here are two hypothetical examples to illustrate how a rainbow table attack could play out:
A hacker identifies a social media site that uses an outdated hashing algorithm without any salting. By exploiting a SQL injection flaw, the attacker extracts the hash values of user passwords from the website’s database. Then they use a precomputed rainbow table to quickly convert thousands of these hashes back into plaintext passwords, compromising user accounts.
During routine network monitoring, a hacker discovers that an e-commerce website transmits password hashes insecurely between its servers and uses network sniffing tools to capture this data. Since they now have access to the password hashes, the hacker uses a rainbow table attack to decode customer passwords, gaining access to their shopping accounts and personal information.
Rainbow table attack data breaches
Rainbow table attacks have been used in the real world to steal millions of login details.
For example, a 2012 LinkedIn hack by Russian cybercriminals resulted in the theft of nearly 6.5 million user account passwords, causing a significant data breach. Following the initial discovery, LinkedIn found an additional 100 million compromised email addresses and passwords in 2016 related to the same incident. The stolen passwords were poorly protected, lacking additional security measures like salting, making them easier for attackers to crack using standard rainbow tables.
How to prevent rainbow table attacks
Choose platforms with strong hash functions
Secure hash functions like bcrypt or Argon2 use salting to add random data to your password before creating its hash. A rainbow table computed without the salt won’t contain the password’s hash, so an attack would fail.
If you run your own websites or databases, keep your security settings updated by using plugins or modules that implement strong hashing algorithms.
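The effect of salting described above, as an added example that is not part of the original article: it compares unsalted MD5 storage with salted, key-stretched storage against the same precomputed lookup table. PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt or Argon2; the user names, the iteration count and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: the kind of common passwords a table is built from.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "password123"]
ITERATIONS = 600_000  # assumed work factor for the PBKDF2 stand-in


def md5_hex(password):
    """Unsalted, fast hash: the weak storage scheme the article warns about."""
    return hashlib.md5(password.encode()).hexdigest()


def build_table(candidates):
    """Precomputed hash -> plaintext lookup (the article's two-column sheet)."""
    return {md5_hex(p): p for p in candidates}


def hash_salted(password, salt=None):
    """Salted, key-stretched hash; a fresh random salt is drawn per password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], expected)


def exposed_accounts(stored, table):
    """Users whose stored hash appears verbatim in a precomputed table."""
    return sorted(user for user, h in stored.items() if h in table)


def demo():
    table = build_table(COMMON_PASSWORDS)
    # Constructed users: alice and bob share a common password.
    passwords = {"alice": "password123", "bob": "password123",
                 "carol": "?GmmM1Z[c5:F"}
    unsalted = {u: md5_hex(p) for u, p in passwords.items()}
    salted = {u: hash_salted(p)[1].hex() for u, p in passwords.items()}
    return {
        "unsalted_exposed": exposed_accounts(unsalted, table),
        "salted_exposed": exposed_accounts(salted, table),
        "same_hash_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_hash_salted": salted["alice"] == salted["bob"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With unsalted storage, identical passwords produce identical hashes, so one table hit exposes every account that shares the password. With a per-password salt, each stored value is different and a table built in advance contains none of them.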
Use complex passwords
Instead of using easy-to-guess passwords, opt for secure passwords made from at least 12 characters, which contain uppercase and lowercase letters, numbers, and symbols. Examples of strong passwords are ?GmmM1Z[c5:F or beht=ty]P:)Gf^c?p?+7. It’s unlikely for a cyberattacker to target such complex passwords using rainbow table attacks.
Turn on multi-factor authentication
Multi-factor authentication (MFA) like two-factor authentication (2FA) adds at least one more form of authentication to the password request, such as a code on your 2FA authenticator. If an attacker successfully discovers your password after a rainbow table attack, they won’t be able to pass the next steps of authentication.
Additionally, if you get an unexpected request for extra verification, it’s a clear sign that someone is trying to get into your account. You can quickly respond by changing your password.
Use alias email addresses
Alias email addresses can protect you from data breaches that could lead to rainbow table attacks since they are not connected to your primary email addresses. For example, you can keep using your main email for important messages and finances while reserving email aliases for less secure activities, such as signing up for untrusted services. If your alias email address is hacked, you can simply disable it.
Monitor the internet for data breaches
By staying informed about the latest breaches, you can determine if any of the services you use have been compromised and if your data has been leaked. This allows you to take proactive steps, such as changing your passwords immediately, to prevent hackers from using potentially exposed data to gain unauthorized access to your accounts.
All Proton Pass subscribers can use Pass Monitor to monitor the health of all passwords and Dark Web Monitoring to track various sources for data breaches. Our security model uses the secure bcrypt hashing algorithm, which salts your passwords before hashing them to stop rainbow table attacks. Furthermore, we run an advanced security program called Proton Sentinel to detect and prevent account takeover attacks.
Start securing your accounts from rainbow table attacks by signing up for a free Proton Pass account today.