A rainbow table attack is a password cracking method that uses a special table (a “rainbow table”) to crack the password hashes in a database. Applications don’t store passwords in plaintext; instead, they store a hash of each password. When a user enters their password to log in, it is hashed, and the result is compared with the hash stored on the server. If they match, the user is authenticated and can log in to the application.
The rainbow table itself is a precomputed table that contains the hash values of plaintext passwords, so a stolen hash can be looked up to find the password behind it. If hackers gain access to the list of password hashes, they can crack all passwords very quickly with a rainbow table.
Hackers must first gain access to leaked hashes in order to carry out rainbow table attacks. The password database itself might be poorly secured, or they may have gained access to Active Directory (a database and set of services that connect users with the network resources they need to get their work done). Others gain access by phishing people who might have access to the password database. Additionally, there are already millions and millions of leaked password hashes on the dark web that are available to hackers.
Hackers like the rainbow table method because it is an easy way to recover passwords and gain unauthorized access to systems, rather than relying on the dictionary attack method (which consumes more memory space) or a brute force attack (which consumes more computing power). All the attacker needs to do is look up the password’s hash in the rainbow table. Rainbow tables are deliberately designed to consume less computing power at the cost of using more space. As a result, they usually produce results more quickly than dictionary or brute force attacks, often taking minutes to crack a password where other methods may take much longer. But this does have some downsides. Rainbow tables take a considerable amount of time to compile from the ground up, because all the hashes and the computing work that goes with them must be calculated and stored beforehand (although precompiled tables can also be downloaded online). But once that work is done, the rainbow table can be reused whenever a password needs to be cracked.
Let's move on to how this method of password cracking shows up in the real world. Here are two real-life examples of how it could be used:
An attacker spots a web application with outdated password hashing techniques and poor overall security. The attacker steals the password hashes and, using a rainbow table, is able to recover the passwords of every user of the application.
A hacker finds a vulnerability in a company’s Active Directory and is able to gain access to the password hashes. Once they have the list of hashes, they execute a rainbow table attack to turn the hashes back into plaintext passwords.
How to Prevent Rainbow Table Attacks:
Salting: Hashed passwords should never be stored without salting. Salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters to each password and then hashing the result. This makes the password more difficult to crack.
Multifactor Authentication: Using multi-factor authentication (MFA) or two-factor authentication (2FA), which involves multiple steps, makes it difficult for anyone to access your account with just a password. This makes it impossible for an attacker to use a rainbow table attack effectively.
Outdated Hashing Algorithms: Hackers look for applications and servers using the obsolete password hashing algorithms MD5 and SHA1. If your application uses either algorithm, your risk of rainbow table attacks increases substantially.
Monitoring Servers: Most modern server security software monitors against attempts to access sensitive information and can automatically act to mitigate intruders before they can find the password database.
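The salting and hashing-algorithm advice above, shown as an added Python example (not code from the original article): a plain precomputed hash-to-password lookup stands in for a rainbow table, which stores the same precomputation more compactly. The account names, candidate list, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: passwords an attacker has hashed ahead of time.
CANDIDATES = ["123456", "password", "letmein", "qwerty"]
# Constructed accounts; alice and bob share a password.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "Xk9#long-unique-phrase"}
ITERATIONS = 200_000  # illustrative work factor (assumption), tune per hardware

def md5_hex(password):
    """Weak form: fast, unsalted MD5, identical for identical passwords."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(candidates):
    """Precompute hash -> plaintext once; reusable against any unsalted dump."""
    return {md5_hex(p): p for p in candidates}

def store_salted(password):
    """Hardened form: fresh 32-byte random salt per user plus a slow KDF."""
    salt = os.urandom(32)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)

def exposed(table, stored_hex):
    """Accounts whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in stored_hex.items() if h in table}

def compare_schemes():
    table = build_lookup(CANDIDATES)
    unsalted = {u: md5_hex(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    return {
        "unsalted_exposed": exposed(table, unsalted),
        "salted_exposed": exposed(table, {u: r[1].hex() for u, r in salted.items()}),
        "unsalted_distinct": len(set(unsalted.values())),
        "salted_distinct": len({r[1] for r in salted.values()}),
        "good_login": verify_salted("letmein", salted["alice"]),
        "bad_login": verify_salted("password", salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```

With unsalted MD5, the two accounts that share a password also share a stored hash, and both fall to the single precomputed lookup; with a per-user salt every stored value is different, so no table built in advance can match them.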
Some security experts argue that rainbow tables have been rendered obsolete by modern password cracking methodologies. Instead, most attackers now use the more advanced Graphics Processing Unit (GPU) based password cracking methods.
A moderately sized GPU farm can easily recreate a rainbow table within a few seconds. This means that encoding those passwords into a rainbow table would not make that much sense. Moreover, most passwords are salted anyway, meaning we would need rainbow tables for each salt value, and for larger salts, this is entirely impractical. Bitcoin and other cryptocurrency miners have been tapping GPU technology to calculate hashes for bitcoin farming. Existing tools can leverage GPU technology to crack password hashes. For example, a Linux-based GPU cluster was used to crack 90 percent of the 6.5 million leaked LinkedIn password hashes in 2012.
Rainbow tables may not be the biggest threat to organizations today. Still, they are certainly a threat and should be considered and accounted for as part of an overall security strategy.