Under what circumstances that a Rainbow Table attack is best used?
Asked
Active
Viewed 127 times
0
-
We generally ask that people have done some research before asking here. I googled "Under what circumstances that a Rainbow Table attack is best used?" and got a ton of high-quality hits. If you did that research and still have questions, then please refine the question to include what you do understand and where your confusion is. – schroeder Jun 20 '20 at 08:03
1 Answers
0
Given that a Rainbow Table attack means that one must first precompute and store a lot before the attack can be done, it is best used when this trade-off is doable and it is worth the problem. This means for once that everything precomputed fits even into an acceptable storage. Additionally the rainbow table should get used many times, so that the huge overhead of precomputing once gets pays off by using it a lot.
A typical example where this works are breaking unsalted password hashes: the hashes for typical passwords can be precomputed once and then used again and again to crack new password dumps. That's why unsalted passwords are a bad idea.
A typical example where this does not work are properly salted passwords: with the random salt one needs way more time and memory to store all possible hashes for a typical password and this effort does not pay off. That's why random salting is the usual way to defend against rainbow table attacks.
Steffen Ullrich
- 190,458
- 29
- 381
- 434