What is a rainbow table attack?
D2 · Threats · CompTIA Security+ SY0-701
A rainbow table is a precomputed lookup table mapping plaintext passwords to their hashes. Instead of hashing each guess on the fly (brute force), an attacker looks up the hash in the table, dramatically speeding up password cracking.
How it works: attacker obtains a password hash → looks it up in the rainbow table → finds the corresponding plaintext password.
Defense: salting. Adding a unique random value per password makes precomputed tables useless.
Rainbow tables are defeated by salting. If an exam question asks how to protect stored passwords against rainbow table attacks, the answer is salting (and using strong adaptive hashing like bcrypt). Unsalted MD5/SHA-1 hashes are trivially crackable with rainbow tables.