top of page
Search

Day 26 of 100 Days of Cybersecurity - Rainbow Attacks

  • Elizabeth Rasnick
  • May 26, 2023
  • 2 min read

Rainbows are usually associated with bright sunshine after a storm. Well, welcome to the world of black hat hackers! Here, rainbows are not large arcs, they are square tables. Rainbow tables are part of a hackers tool kit. They are used to crack passwords. Remember on Day 8 when I begged everyone to not use default passwords and to use complex passwords? Rainbow attacks are one of the reasons why.

Each row in a rainbow table provides information about the password in the first column. The password in the first column of each row is in plaintext, meaning it has not been encrypted or run through a hashing algorithm. Each column is some value related to the password in that row. In each row, there will be several encrypted and hashed values for the same password. The different values resulting from the different algorithms the original password has been run through. Confused yet? That’s where the colors (of the rainbow) come into it. In order to help keep the various encryption algorithms and hash functions straight, the columns are colored for fast visual cues.

Why bother going to all this trouble? Is it really worth a hacker’s efforts? Loads of people use the same passwords as you can see on the CyberNews’s most common passwords list. Bad actors know this. When attempting to crack someone’s password, they save a ton of time by starting with these commonly used passwords. That is what makes creating rainbow tables worth the effort. With a little poking around, hackers can often determine what encryption method is being used. Then, they can just run through the column on their encryption table for that algorithm. Doing this is a simple looping process that first semester programming students can do and would tak a matter of minutes to complete.

Do I have to make another plea to everyone to have unique and complicated passwords? Or do you still believe you are safe with qwerty123?


Is your password so popular that it’s in a hacker dictionary? Take a look at the popular password in 2023: https://cybernews.com/best-password-managers/most-common-passwords/

For more information on rainbow tables:

 
 
 

Comments

bottom of page