What Are Rainbow Table Attacks?

Padlock with asterisks on white background

Password protection is an efficient access control technique all of us use on a daily basis. It will likely remain an important pillar of cybersecurity for years to come.

Cybercriminals, on the other hand, employ different methods to crack passwords and gain unauthorized access. This includes rainbow table attacks. But what are rainbow table attacks and how dangerous are they? More importantly, what can you do to protect yourself against them?

How Are Passwords Stored?

No platform or application that takes security seriously stores passwords in plain text. This means that if your password is “password123” (and it absolutely should not be, for obvious reasons), it will not be stored as such, but rather as a combination of letters and numbers.

This process of converting plain text into a seemingly random combination of characters is called password hashing. And passwords are hashed with the help of algorithms, automated programs that use mathematical formulas to randomize and obscure plain text. Some of the best-known hashing algorithms are: MD5, SHA, Whirlpool, BCrypt, and PBKDF2.

So, if you take the password “password123” and run it through the MD5 algorithm, this is what you get: 482c811da5d5b4bc6d497ffa98491e38. This string of characters is the hashed version of “password123,” and the format in which your password would be stored online.

So let’s say you’re logging into your email account. You type in your username or email address, and then the password. The email provider automatically converts the plain text you entered into its hashed value, and compares it to the hashed value that it had initially stored when you first set up your password. If the values match, you are authenticated and gain access to your account.

How would a typical rainbow table attack unfold, then? The threat actor would first have to obtain password hashes. To do this, they would carry out some type of cyberattack, or find a way to bypass an organization’s security structure. Or they would purchase a dump of stolen hashes on the dark web.

How Rainbow Table Attacks Work

The next step would be converting the hashes to plain text. Obviously, in a rainbow table attack, the attacker would do this using a rainbow table.

Rainbow tables were invented by IT expert Philippe Oechslin, whose work was based on cryptologist and mathematician Martin Hellman’s research. Named after the colors representing different functions within a table, rainbow tables reduce the time needed to convert a hash to plain text, thus enabling the cybercriminal to carry out the attack more efficiently.

In an ordinary brute force attack, for example, the threat actor would need to decode every hashed password separately, calculate thousands of word combinations, and then compare them. This trial-and-error method still works and probably always will, but requires a lot of time and tremendous computing power. But in a rainbow table attack, an attacker would just need to run an obtained password hash through a database of hashes, then repeatedly split and reduce it, until plain text is revealed.

This, in a nutshell, is how rainbow table attacks work. After cracking a password, a threat actor has countless options as to how to proceed. They can target their victim in any number of ways, gaining unauthorized access to all kinds of sensitive data, including information related to online baking, and such.

How to Protect Against Rainbow Table Attacks

Rainbow table attacks are not as common as they once were, but they still pose a significant threat to organizations of all sizes, and also to individuals. Fortunately, there are ways to protect against them. Here are five things you can do to prevent a rainbow table attack.

1. Set Up Complex Passwords

Using long, complex passwords is an absolute must. A good password should be unique, and include small and capital letters, numbers, and special characters. Most platforms and apps these days require users to do that anyway, so make sure you create an unbreakable password that you won’t forget.

2. Use Multi-Factor Authentication

Multi-factor authentication (MFA) is a simple but powerful security mechanism that renders most password attacks pointless. With MFA set up, you can’t access an account using just your username and password. Instead, you need to provide additional proof of your identity. This can range from confirming your phone number and putting in a temporary PIN, to verifying your fingerprint and answering a personal security question.

3. Diversify Your Passwords

If you use the same password everywhere, just one breach is enough to compromise all of your accounts, no matter how good that password might be. This is why it’s important to use a different password for each account. If going passwordless is an option, consider that too: if you’re not using a password, you can’t fall victim to a rainbow table attack, or any other password-based attack for that matter.

4. Avoid Weak Hashing Algorithms

Some hashing algorithms, like MD5, are weak, which makes them an easy target. Organizations should stick to state-of-the-art algorithms such as SHA-256, which is so secure that it is used by government agencies in the United States, Australia, and elsewhere. As an ordinary person, you should try and avoid platforms and apps that use outdated technology.

5. Utilize Password Salting

Password hashing is a great and necessary security measure, but what if you and another person are using the same password? Their hashed versions would be identical as well. This is where a process called salting comes in. Password salting essentially boils down to adding random characters to every hashed password, so making it completely unique. This tip, too, applies to both organizations and individuals.

Understand Password Security to Stay Safe

Password security as such is key when it comes to preventing unauthorized access and different types of cyberattacks. But it involves more than just coming up with a unique, easy to remember phrase.

To boost your overall cybersecurity, you need to understand how password protection really works, and then take steps to secure your accounts. This can be a tad overwhelming for some, but using reliable authentication methods and a password manager can make a huge difference.

Leave a Reply
Previous Article
Jeannie Mai’s Daughter Learns New Words in Adorable Video: WATCH – SheKnows

Jeannie Mai’s Daughter Learns New Words in Adorable Video: WATCH – Tausi Insider

Next Article
Nick Jonas, Priyanka Chopra Share Rare Photos of Daughter’s Birthday  – SheKnows

Nick Jonas, Priyanka Chopra Share Rare Photos of Daughter’s Birthday  – Tausi Insider

Related Posts