Rainbow Table

The goal of a rainbow table is to strike a compromise between time (a brute-force attack takes quite a long time) and memory (a dictionary attack is much faster but needs much more memory).

The principle is to start from a word and generate its hash; from this hash the algorithm then generates a new word (or password), which is hashed in turn. This step is called reduction. The new hash is used to generate another password, and after several repetitions we have what is called a chain. To get a rainbow table we generate a number of such chains and then store them in reduced form (otherwise it would be a kind of dictionary attack), meaning we keep only the first and the last term of each chain.

When the attacker wants to find the password corresponding to a hash, he checks whether it is in the rainbow table. If not, he applies the reduction algorithm to the hash, gets a new password and its corresponding hash, and searches for that in the table. When he finally finds a hash that is in the table, the attacker regenerates the corresponding chain and knows that his original hash and its corresponding password are in it. See labs section.
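The chain construction and lookup described above, as an added example that is not part of the original page. It assumes a toy keyspace of 4-digit PINs, SHA-256 as the hash, and a column-dependent reduction function (the rainbow-table variant, slightly more general than the single reduction the text describes); all function names are hypothetical. The last line hashes the same password with a salt to show why per-password salts make a precomputed table useless.

```python
import hashlib

KEYSPACE = 10_000   # constructed toy keyspace: 4-digit PINs "0000".."9999"
CHAIN_LEN = 50      # assumed chain length (number of hash/reduce steps)

def hash_word(word, salt=""):
    return hashlib.sha256((salt + word).encode()).hexdigest()

def reduce_hash(digest, column):
    # Reduction: map a hash back into the keyspace. It does not invert the
    # hash; mixing in the column index makes each step use a different mapping.
    return f"{(int(digest, 16) + column) % KEYSPACE:04d}"

def build_table(starts):
    table = {}
    for start in starts:
        word = start
        for column in range(CHAIN_LEN):
            word = reduce_hash(hash_word(word), column)
        # Keep only the two ends of the chain: end word -> start words.
        table.setdefault(word, []).append(start)
    return table

def lookup(table, target):
    # Guess the column the target hash sits in, starting from the last one.
    for pos in range(CHAIN_LEN - 1, -1, -1):
        digest = target
        for column in range(pos, CHAIN_LEN - 1):
            digest = hash_word(reduce_hash(digest, column))
        end = reduce_hash(digest, CHAIN_LEN - 1)
        for start in table.get(end, []):
            # Endpoint matched: regenerate the chain and look for the target.
            word = start
            for column in range(CHAIN_LEN):
                if hash_word(word) == target:
                    return word
                word = reduce_hash(hash_word(word), column)
    return None  # not covered by the table (every match was a false alarm)

def word_at(start, column):
    # Demo helper: the word found at a given column of a chain.
    word = start
    for c in range(column):
        word = reduce_hash(hash_word(word), c)
    return word

if __name__ == "__main__":
    table = build_table(["1234", "0042", "9001"])   # constructed start words
    secret = word_at("1234", 20)
    print(lookup(table, hash_word(secret)) == secret)    # unsalted hash
    print(lookup(table, hash_word(secret, salt="x9")))   # salted hash
```

The table stores 3 entries yet covers up to 150 passwords; the price is the recomputation done in `lookup`, which is the time-memory trade-off the page describes.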