What is a rainbow table attack and how does it work?

What are rainbow table attacks?

Rainbow table attacks are similar to dictionary attacks, but they use a rainbow table instead of a word list.

Rainbow tables are pre-computed listings. Although these are similar to dictionary attacks, they need less computing power. They are intentionally created to consume less computing power at the cost of using more space.

How do rainbow table attacks work?

Let’s think of a rainbow table as a table with two columns. First, you have hashes. Second, you have the plaintext for the hashes. All you need to do now is search for the right hash in column one and return the plaintext from column two. This is basically how a rainbow table attack works.

Computing power vs storage

Why is using space preferable? Storage tends to be cheaper, faster, and more readily available than computing power. If you compare the price for space versus computing power, space is always the cheaper option.

Even today, with cloud providers like Google Cloud, one gigabyte of storage is likely to cost you around $0.20 per month, depending on location. Whereas the cheapest standard E2 machine with 8 gigabytes of RAM will cost you around $0.70 per hour, and it doesn’t even have a GPU to accelerate the cracking.

As storage is usually cheaper than computing, there is generally more storage space than computing power available. Storage can be faster too, especially with the methods that the rainbow tables use.

Last but not least, you can use the spare computing resources to do other things, maybe even cracking another password in the meantime, depending on your actual computing resources.

Advantages and disadvantages of rainbow tables

Rainbow tables offer a few advantages. We can work in reverse.

Instead of trying every possible word or combination and hashing it, we just check if we find the hash of the password in the first row and return the second row, and so the attacker has a reusable table mapping. It can even abuse hash collisions, and all the attacker has to do during the attack is a simple lookup, which is very fast.

But these benefits come at a price. All the computing has to be done upfront. The hashes have to be calculated at some point and stored. But once you’ve got that out of the way, you’ve got yourself a rainbow table. With that table, you can start cracking multiple passwords.

To conclude, we’ll consider the following example to illustrate the difference between a rainbow table attack and a brute force attack. Let’s say you want to crack 100 passwords.

A brute force attack

In a brute force attack, you would always have to start at the beginning of all possible combinations and try them all over again, hash them, compare them with the hash of the password, and do this for every password. So, in a brute force attack, you’d have to repeat these actions 100 times.

Whereas in the rainbow table attack, you calculated all hashes once, and now you just need to find the right one. You don’t need to calculate the hashes for every combination or word in a list every time for each password. You already did that once and can just look it up.