Proton

Hackers use various methods to crack passwords, and one of them is the rainbow table attack. In certain cases, this method can be faster than dictionary attacks or credential stuffing.

In this article, we explore how rainbow table attacks work and discuss ways to prevent them.

Rainbow table attack definition

A rainbow table attack is a cryptographic attack hackers use to break into systems by figuring out passwords from their hashes, which act as digital fingerprints. A hash function maps each password with a corresponding string of characters.

Unlike a brute-force attack that tries every possible password one by one, a rainbow table attack doesn’t require guesswork once the table is precomputed. This precomputed table (known as a rainbow table because of the way it looks if color-coded) is essentially a large database of hash value pairs linked to their plaintext counterparts.

How a rainbow table password attack works

1. Creating a list of passwords

When creating rainbow tables, hackers often target the most likely and commonly used passwords with simple patterns (for example, 123456, password, or qwerty), dictionary words, or password dumps obtained from data breaches.

2. Selecting the hash function and converting the passwords

Rainbow table attacks work well with simpler, faster cryptographic hash functions like MD-5, SHA-1, LM Hash, or NTLM Hash since they don’t use security features like salting (adding random data to each password before hashing) or key stretching (repeatedly hashing the password).

Password hashed with MD-5Plaintext password
482c811da5d5b4bc6d497ffa98491e38password123

Each plaintext password runs through the hash function to generate its corresponding hash, which has a unique, fixed-size string of characters as in the example above. Once all passwords are hashed, the hacker can use them to create the rainbow table.

3. Creating the rainbow table to reveal passwords

A rainbow table can be seen as a big Excel sheet, with hashed passwords in the first column and plaintext passwords in the second. If a breached hash is present in this table, that means the breached password is the cell next to it.

Rainbow table attack examples

Here are two hypothetical examples to illustrate how a rainbow table attack could play out:

  • A hacker identifies a social media site that uses an outdated hashing algorithm without any salting. By exploiting a SQL injection flaw, the attacker extracts the hash values of user passwords from the website’s database. Then they use a precomputed rainbow table to quickly convert thousands of these hashes back into plaintext passwords, compromising user accounts.
  • During routine network monitoring, a hacker discovers that an e-commerce website transmits password hashes insecurely between its servers and uses network sniffing tools to capture this data. Since they now have access to the password hashes, the hacker uses a rainbow table attack to decode customer passwords, gaining access to their shopping accounts and personal information.

Rainbow table attack data breaches

Rainbow table attacks have been used in the real world to steal millions of login details. 

For example, a 2012 LinkedIn hack(nova janela) by Russian cybercriminals resulted in the theft of nearly 6.5 million user account passwords, causing a significant data breach. Following the initial discovery, LinkedIn found an additional 100 million compromised email addresses and passwords in 2016 related to the same incident. The stolen passwords were poorly protected, lacking additional security measures like salting, making them easier for attackers to decrypt using standard rainbow tables

How to prevent rainbow table attacks

Choose platforms with strong hash functions

Secure hash functions like bcrypt(nova janela) or Argon2(nova janela) use salting(nova janela) to add random data to your password before creating its hash. Without the salt, the password’s hash won’t show up in a rainbow table, so an attack would fail.

To find out what hash functions a specific service or app uses to store passwords, check its privacy policy(nova janela), FAQ section, support page, security certifications or audits (if any), technical documentation, or developer resources(nova janela). A simple internet search should work, or you can contact customer support and ask.

If you run your own websites or databases, keep your security settings updated by using plugins or modules that implement strong hashing algorithms.

Use complex passwords

Instead of using easy-to-guess passwords, opt for secure passwords made from at least 12 characters, which contain uppercase and lowercase letters, numbers, and symbols. Examples of strong passwords are ?GmmM1Z[c5:F or beht=ty]P:)Gf^c?p?+7. It’s unlikely for a cyberattacker to target such complex passwords using rainbow table attacks.

Turn on multi-factor authentication

Multi-factor authentication (MFA) like two-factor authentication (2FA) adds at least one more form of authentication to the password request, such as a code on your 2FA authenticator. If an attacker successfully discovers your password after a rainbow table attack, they won’t be able to pass the next steps of authentication.

Additionally, if you get an unexpected request for extra verification, it’s a clear sign that someone is trying to get into your account. You can quickly respond by changing your password.

Use alias email addresses

Alias email addresses(nova janela) can protect you from data breaches that could lead to rainbow table attacks since they are not connected to your primary email addresses. For example, you can keep using your main email for important messages and finances while reserving email aliases for less secure activities, such as signing up for untrusted services. If your alias email address is hacked, you can simply disable it.

Monitor the internet for data breaches

By staying informed about the latest breaches, you can determine if any of the services you use have been compromised and if your data has been leaked. This allows you to take proactive steps, such as changing your passwords immediately, to prevent hackers from using potentially exposed data to gain unauthorized access to your accounts. 

How Proton Pass can help

Proton Pass can protect you from rainbow table attacks by generating strong passwords(nova janela) and managing them in one place. It also supports a TOTP (time-based one-time password) authenticator for 2FA tokens. Additionally, the app offers hide-my-email aliases to prevent your primary email address from being exposed online.

All Proton Pass subscribers can use Pass Monitor(nova janela) to monitor the health of all passwords and Dark Web Monitoring to track various sources for data breaches. Our security model uses the secure bcrypt hashing algorithm, which salts your passwords before hashing them to stop rainbow table attacks. Furthermore, we run an advanced security program called Proton Sentinel to detect and prevent account takeover attacks.

Start securing your accounts from rainbow table attacks by signing up for a free Proton Pass account today.

Artigos relacionados

A phone screen with a speech bubble with a phone number in it
en
Your email address and passwords aren't the only information hackers can use to scam you. Here's what someone can do with your phone number — and how to protect it.
A web application screen with an unlock icon in the bottom right corner
en
Your best defense against a data breach could be improving your web application security: Find out how Proton Pass can help.
Investigative journalist Vegas Tenold explains the gear he uses to protect his privacy and stay safe.
en
  • Notícias sobre a privacidade
Follow investigative journalist Vegas Tenold as he explains his gear and how it keeps him safe from surveillance as he works in the field.
Coinbase, the largest Bitcoin exchange in the US, suffered a data breach
en
  • Notícias sobre a privacidade
  • Proton Wallet
Coinbase employees sold sensitive personal information to attackers, including government IDs and BTC transaction history. Proton Wallet is built to avoid these risks.
Whistleblower's whistle. Journalists must use secure channels to communicate with whistleblowers.
en
  • Guias de privacidade
Whistleblowers risk everything to expose the truth. This guide helps journalists keep their sources safe using secure tools like Proton Mail, Signal, and SecureDrop.
An image showing a phone screen with a child icon and three icons with '17+' '8-12' and '3-5' to indicate age ratings
en
  • Guias de privacidade
Parents can help their children develop healthy screen habits by learning about dark design patterns — Proton investigates how