4

The table looks like this:

123456 -> asfty18u78t489yh  
password -> 89y203rupdifhof  
something -> 2r892389n89rfsd  

And the idea is that if you have the hash (asfty18u78t489yh), you know the password that generated it (123456).

I have seen them called "hash tables" in here, but other sources define a "hash table" as a cryptographic method for indexing arrays. I have seen the term "pre-computed hashes" or "pre-computed hash tables" but only in a few posts/websites. I have also seen some other weird terms and even some confusion with terms (e.g. calling it a "rainbow table" or a "dictionary attack") which may actually be correct but I have no idea.

What is the correct (or, at least, generally accepted) term?

Anders
  • 65,052
  • 24
  • 180
  • 218
Lucas Cioffi
  • 277
  • 1
  • 2
  • 7

2 Answers2

4

If there are the entire hashes for each password it's a pre-computed hash table, in a security context it's usually called just hash tables.

If you have a strcture such as:

End of hash1 -> Password1, Password2, Password3, ...
End of hash2 -> Password4, Password5, Password6, ...

Then it's called a rainbow table, the main difference here is that you group all the passwords that produce hashes that have the same ending (For example, the last 32 bits of sha256). This is done to save some space at expense of computing time, in this case you take the hash you are trying to crack, look at the ending and try the passwords you have associated to that hash ending

Finally, hash tables (AKA Hash maps) in the context of general computer science is a data structure that uses a hash function (Not necessarily a cryptographic hash function) to store, order and/or access data in an array. It works like this:

k = Hash(object.id)
Array[k] = object

When you want to search an object in the table you just get the Array[Hash(object_id)]

There are also certain hash maps that allow multiple values for the same hash (In case of collisions), in this case each entry in the array is a linked list

Mr. E
  • 1,954
  • 9
  • 18
2

As explained in What are rainbow tables and how are they used?, the specific table content you give as an example would make the correct technical term a hash table. This is because you have a 'full' hash for each password, so to get a password for a given hash (if we ignore salting, etc), you do a lookup.

Rainbow tables are technically different as you mention, relying on collisions, rather than on pre-computation.

So, in technical terms, what you are describing is a hash table, where you get your answer with a lookup. If you had a rainbow table, you would need to compute something.

That being said, the link you gave explains this way better (as does the Wikipedia article).

I think I would still use rainbow tables in day-to-day use, but that makes me technically wrong. And now I know better, stubborn.

iwaseatenbyagrue
  • 3,631
  • 1
  • 13
  • 24
  • 5
    I see many people calling them "Rainbow Tables", but based on this question: http://security.stackexchange.com/questions/379/what-are-rainbow-tables-and-how-are-they-used It seem Rainbow Tables are a completely different thing, and actually store a random starting plaintext and an ending hash, which is calculated after many iterations of a hashing AND a reduction function. Sort of like this: f2inff -> 2087238puifa8 Very similar, but different. But i'm asking because i dont know if the question linked is correct. – Lucas Cioffi Mar 03 '17 at 14:00
  • Huh - well, thanks for that, I learned something. It seems I'm with this person: http://security.stackexchange.com/questions/379/what-are-rainbow-tables-and-how-are-they-used#comment379_440 . I am not sure I would change my answer (it is still the term I would reach for, and I think most other people would recognise it, potentially will mocking my ignorance about the difference with hash tables). You might want to add this link and background to your question, by the way - it helps understand the basis for what you asked – iwaseatenbyagrue Mar 03 '17 at 14:04
  • You're welcome! I guess! But the mistery still remains, and now i'm only more confused. – Lucas Cioffi Mar 03 '17 at 14:07