Threat
It is common for databases of passwords to be leaked in an attack. As passwords are commonly stored as hash values, these passwords can't typically be used to gain access to a system. Rainbow tables are one method of attempting to convert such data into usable passwords. Rainbow tables are typically computed for commonly used hashing algorithms and contain the hashes of commonly used passwords. As the rainbow table is precomputed, matching is a fast processes that can occur before anyone realizes the password data has leaked.Defense
Cryptographic salt renders rainbow tables useless as it pads each password with random data resulting in longer hash data that can't be predicted from common passwords.Overview: Rainbow Table | ||
Type | ||
Definition | Precomputed tables of hashed data. | |
Related Concepts | Information SecurityCryptographyInformation Security ThreatsCryptographic Salt |