Proton

Hackers use various methods to crack passwords, and one of them is the rainbow table attack. In certain cases, this method can be faster than dictionary attacks(new window) or credential stuffing(new window).

In this article, we explore how rainbow table attacks work and discuss ways to prevent them.

Rainbow table attack definition

A rainbow table attack is a cryptographic attack hackers use to break into systems by figuring out passwords from their hashes, which act as digital fingerprints. A hash function maps each password with a corresponding string of characters.

Unlike a brute-force attack(new window) that tries every possible password one by one, a rainbow table attack doesn’t require guesswork once the table is precomputed. This precomputed table (known as a rainbow table because of the way it looks if color-coded) is essentially a large database of hash value pairs linked to their plaintext counterparts.

How a rainbow table password attack works

1. Creating a list of passwords

When creating rainbow tables, hackers often target the most likely and commonly used passwords with simple patterns (for example, 123456, password, or qwerty), dictionary words, or password dumps obtained from data breaches.

2. Selecting the hash function and converting the passwords

Rainbow table attacks work well with simpler, faster cryptographic hash functions like MD-5, SHA-1, LM Hash, or NTLM Hash since they don’t use security features like salting (adding random data to each password before hashing) or key stretching (repeatedly hashing the password).

Password hashed with MD-5Plaintext password
482c811da5d5b4bc6d497ffa98491e38password123

Each plaintext password runs through the hash function to generate its corresponding hash, which has a unique, fixed-size string of characters as in the example above. Once all passwords are hashed, the hacker can use them to create the rainbow table.

3. Creating the rainbow table to reveal passwords

A rainbow table can be seen as a big Excel sheet, with hashed passwords in the first column and plaintext passwords in the second. If a breached hash is present in this table, that means the breached password is the cell next to it.

Rainbow table attack examples

Here are two hypothetical examples to illustrate how a rainbow table attack could play out:

  • A hacker identifies a social media site that uses an outdated hashing algorithm without any salting. By exploiting a SQL injection flaw, the attacker extracts the hash values of user passwords from the website’s database. Then they use a precomputed rainbow table to quickly convert thousands of these hashes back into plaintext passwords, compromising user accounts.
  • During routine network monitoring, a hacker discovers that an e-commerce website transmits password hashes insecurely between its servers and uses network sniffing tools to capture this data. Since they now have access to the password hashes, the hacker uses a rainbow table attack to decode customer passwords, gaining access to their shopping accounts and personal information.

Rainbow table attack data breaches

Rainbow table attacks have been used in the real world to steal millions of login details. 

For example, a 2012 LinkedIn hack(new window) by Russian cybercriminals resulted in the theft of nearly 6.5 million user account passwords, causing a significant data breach. Following the initial discovery, LinkedIn found an additional 100 million compromised email addresses and passwords in 2016 related to the same incident. The stolen passwords were poorly protected, lacking additional security measures like salting, making them easier for attackers to decrypt using standard rainbow tables

How to prevent rainbow table attacks

Choose platforms with strong hash functions

Secure hash functions like bcrypt(new window) or Argon2(new window) use salting(new window) to add random data to your password before creating its hash. Without the salt, the password’s hash won’t show up in a rainbow table, so an attack would fail.

To find out what hash functions a specific service or app uses to store passwords, check its privacy policy(new window), FAQ section, support page(new window), security certifications or audits(new window) (if any), technical documentation, or developer resources(new window). A simple internet search should work, or you can contact customer support(new window) and ask.

If you run your own websites or databases, keep your security settings updated by using plugins or modules that implement strong hashing algorithms.

Use complex passwords

Instead of using easy-to-guess passwords, opt for secure passwords(new window) made from at least 12 characters, which contain uppercase and lowercase letters, numbers, and symbols. Examples of strong passwords are ?GmmM1Z[c5:F or beht=ty]P:)Gf^c?p?+7. It’s unlikely for a cyberattacker to target such complex passwords using rainbow table attacks.

Turn on multi-factor authentication

Multi-factor authentication (MFA) like two-factor authentication (2FA)(new window) adds at least one more form of authentication to the password request, such as a code on your 2FA authenticator. If an attacker successfully discovers your password after a rainbow table attack, they won’t be able to pass the next steps of authentication.

Additionally, if you get an unexpected request for extra verification, it’s a clear sign that someone is trying to get into your account. You can quickly respond by changing your password.

Use alias email addresses

Alias email addresses(new window) can protect you from data breaches that could lead to rainbow table attacks since they are not connected to your primary email addresses. For example, you can keep using your main email for important messages and finances while reserving email aliases for less secure activities, such as signing up for untrusted services. If your alias email address is hacked, you can simply disable it.

Monitor the internet for data breaches

By staying informed about the latest breaches, you can determine if any of the services you use have been compromised and if your data has been leaked. This allows you to take proactive steps, such as changing your passwords immediately, to prevent hackers from using potentially exposed data to gain unauthorized access to your accounts. 

How Proton Pass can help

Proton Pass can protect you from rainbow table attacks by generating strong passwords(new window) and managing them in one place. It also supports a TOTP (time-based one-time password) authenticator for 2FA tokens(new window). Additionally, the app offers hide-my-email aliases(new window) to prevent your primary email address from being exposed online.

All Proton Pass subscribers can use Pass Monitor(new window) to monitor the health of all passwords and Dark Web Monitoring(new window) to track various sources for data breaches. Our security model(new window) uses the secure bcrypt hashing algorithm, which salts your passwords before hashing them to stop rainbow table attacks. Furthermore, we run an advanced security program called Proton Sentinel(new window) to detect and prevent account takeover attacks.

Start securing your accounts from rainbow table attacks by signing up for a free Proton Pass account today.

Related articles

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.