Understanding Rainbow Table Attack
What is a Rainbow Table?
The passwords in a computer system are not stored directly as plain texts but are hashed using encryption. A hash function is a 1-way function, which means that it can’t be decrypted. Whenever a user enters a password, it is converted into a hash value and is compared with the already stored hash value. If the values match, the user is authenticated.
A rainbow table is a database that is used to gain authentication by cracking the password hash. It is a precomputed dictionary of plaintext passwords and their corresponding hash values that can be used to find out what plaintext password produces a particular hash. Since more than one text can produce the same hash, it’s not important to know what the original password really was, as long as it produces the same hash.
How does the Rainbow Table Attack work?
A rainbow table works by doing a cryptanalysis very quickly and effectively. Unlike bruteforce attack, which works by calculating the hash function of every string present with them, calculating their hash value and then compare it with the one in the computer, at every step. A rainbow table attack eliminates this need by already computing hashes of the large set of available strings. There are two main steps in this:
Creating a Table
Here, the hash of a string is taken and then reduced to create a new string, which is reduced again, repeatedly. For example, let’s create a table of the most common password, 12345678, using MD5 hash function on first 8 characters:
- First we take the string and pass it through md5 hash function.
hashMD5(12345678) = 25d55ad283aa400af464c76d713c07ad
- We reduce the hash by taking only the first 8 characters. Then, we re-hash it.
hashMD5(25d55ad2) = 5c41c6b3958e798662d8853ece970f70
- This is repeated until enough hashes in output chain. This represents one chain, which starts from the first plain text and ends at the last hash.
- After obtaining enough chains, we store them in a table.
Cracking the Password
Starting off with the hashed text (the password) its checked if it exists in the database. If so, go to the start of the chain and start hashing until there is a match. As soon as the match is obtained, the process ceases and the authentication is cracked. The following flowchart explains the steps:
Advantages and Disadvantages of Rainbow Table Attack
- Unlike brute-forcing, performing the hash function isn’t the problem here (since everything is precomputed). With all of the values already computed, it’s simplified to just a simple search-and-compare operation on the table.
- The exact password string isn’t needed to be known. If the hash is matched, it doesn’t matter if the string isn’t the password itself. It will be authenticated.
- A large amount of storage is required for store tables.
- With all of the values already computed, it’s simplified to just a simple search-and-compare operation on the table.
Defense against Rainbow Table Attacks
Rainbow table attacks can easily be prevented by using salt techniques, which is a random data that is passed into the hash function along with the plain text. This ensures that every password has a unique generated hash and hence, rainbow table attack, which works on the principle that more than one text can have the same hash value, is prevented.
Another technique that helps prevent precomputation attacks is key stretching. Using this, the salt, the password, and some intermediate hash values are run through the hash function multiple times to increase the computation time required to hash each password. An alternative approach, called key strengthening, extends the key with a random salt, but then (unlike in key stretching) securely deletes the salt. This forces both the attacker and legitimate users to perform a brute-force search for the salt value. Therefore, there is no point of bypassing salting.