Rainbow tables explained: Password hacking and how to prevent against it
The name "rainbow table" may conjure up images of colorful furniture and dinner placements, but in actuality, it's a technology hackers use to try and commandeer information from your online accounts.
Most websites advance their security to prevent this, but even trusted technology enterprises like Github have been subject to such attacks. Instances like the 2016 attack on the shopping site Taobao left over 20 million users, 1 out of every 20 of their annual shoppers, vulnerable. This article will shed light on exactly how hackers exploit weaknesses—particularly in passwords—and what you can do to keep your accounts as safe as possible.
How hackers get your passwords
Tools for password cracking and recovery like Hashcat are available on the internet for cybersecurity professionals to perform penetration testing on systems to ensure their security. The unfortunate consequence is that tools like this can also find their way into the hands of cyber criminals as well.
To make websites as secure as possible, passwords aren't stored on a database themselves. Instead, when you create an account password, the website processes your password through a hashing algorithm. This algorithm uses the string of characters you chose as your password to store a longer, more secure string that is much more difficult to obtain.
This means hackers don't obtain your password when they crack the website's database. The good news is that hashing is a one-way process, so your password can't be reverse-engineered from a discovered hash. The bad news? Hackers don't need your password once they find the hash; the hash is all they need to gain access.
What is a rainbow table?
Rainbow tables are large collections of data that store various common or weak passwords and the hashes that are created from those passwords. During a network attack, the rainbow table compares its hashes to the hashes in the database to crack the code and gain access to information. Hackers can then utilize this information to exploit a vulnerable network.
How to defend against rainbow table attacks
The measures you can take to keep your accounts safe from rainbow table attacks are extremely simple:
- Use long, mixed-case, elaborate passwords
- Don't use the same password for more than one account
- Enable 2 factor authentication on every possible account
Longer, more complex passwords mean more possibilities for a hacker to deal with. More possibilities equate to larger rainbow tables, which may demand more time than a hacker is willing to dedicate. You can even test the strength of your password to understand how much time it would take a hacker to crack your code.
Make sure to not use the same password for everything. If you do, hackers could use the single hash they find to access every account you have. It would be like using the same key for every lock you own. If you want to make this easier, you can use password management software that keeps a list of complex passwords that can only be unlocked by a master password of your choice.
Additionally, 2 factor authentication may be a slight annoyance every time you log in from a new device, but it's masterful at keeping your accounts protected. As long as you have this setting enabled, you'll be notified anytime someone tries to access your account.
If you're curious about cybersecurity yourself, you can also check out the Kali Linux operating system designed for being a monitored space to play with penetration testing tools.
Author Bio: As an English graduate, technology enthusiast, and Asian food connoisseur, Caleb is happy to talk tech with anyone. You can find more of his writings on caleb-writes.com.