
How to Protect Yourself Against Rainbow Tables

In this video, you will learn how to protect yourself against rainbow tables using a technique called ‘salting’.
So to protect against rainbow tables, one of the things that we can do is to begin salting our hashes, salting our passwords. When we see stories about popular websites whose users and password lists have been compromised, typically this is because one of two problems occurs: firstly, that the passwords have been stored in plaintext or, secondly, that the passwords have been hashed but the hashes have been looked up using a rainbow table. Salting helps to prevent this. And good practice is that we salt. Most modern implementations of authentication systems do this by default. But if we’re developing in-house systems or we’re using third-party web services, we need to check that this is in place. This is best practice.

So here what we’re doing is we’re changing the hash process slightly. If the same password always results in the same hash, what we can do is enter a shared variable that the client and the server know that is added to the password before the hash is generated.

So now the password is not hashed in isolation. The password has something added to it, what we call a salt. This collectively forms the new hash. So the hash output, now, is not easy to look up on a rainbow table. That’s because the input is no longer just the password. It is something slightly different. So this is a really helpful way of reducing the utility of those rainbow tables.

Once you have watched the video, recap the following salting process:

  • a user will enter a password
  • a value is added to the password (salt)
  • the password is then hashed
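
The three recap steps as a runnable sketch, set beside a precomputed lookup so the effect of the salt is visible. This is an added example, not material from the course; the function names, the four-word list, the use of SHA-256, the random 16-byte per-user salt and the plain dictionary standing in for a rainbow table are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real precomputed table covers far more inputs.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]


def unsalted_hash(password):
    """Hash the password in isolation: same password, same hash, every time."""
    return hashlib.sha256(password.encode()).hexdigest()


# Simplified stand-in for a rainbow table: hash -> password, computed once
# ahead of time and reusable against any store of unsalted hashes.
LOOKUP_TABLE = {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def table_lookup(digest):
    """Return the password for a precomputed hash, or None if it is not listed."""
    return LOOKUP_TABLE.get(digest)


def store_password(password):
    """Recap steps: take the password, add a salt, then hash the combination."""
    salt = os.urandom(16)  # assumption: random 16-byte salt, unique per user
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt, digest  # the salt is kept next to the hash for later checks


def verify_password(password, salt, stored_digest):
    """Repeat the salted hash at login and compare in constant time."""
    candidate = hashlib.sha256(salt + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    print("unsalted:", table_lookup(unsalted_hash("letmein")))
    salt, digest = store_password("letmein")
    print("salted:", table_lookup(digest))
    print("login ok:", verify_password("letmein", salt, digest))
    _, other = store_password("letmein")
    print("same password, same hash?", other == digest)
```

The unsalted hash is found in the precomputed table, while the salted hash of the same password is not, and two users who choose the same password end up with different stored hashes.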

Reflect and share: Are there other ways to protect against rainbow tables? Share in the comments below.

This article is from the free online course Cyber Security Foundations: Reinforcing Identity and Access Management, created by FutureLearn.
