A rainbow table is a simple table filled with hash values mapped to its corresponding plain text. This could be used by the attacker to match a hash value to its corresponding plain text, in the cases where the hash value is known. Imagine a scenario where the attacker determined the password hash of a given user and he is unable to detect the password. This is because hashing is irreversible. In other words, when the attacker has the hash value of a user's password, he still cannot recover the password from the password hash. Hence, in such cases a rainbow table is used by the attacker to match the password hash with the hash in the table to obtain the corresponding plain text. Once the attacker obtains the plain text for the hash, no matter what the password was the system would still grant him access, since the hash generated from this plain text is the same as the hash stored by the system. This is exactly why password hash in Unix and Linux flavors moved from /etc/passwd to /etc/shadow, and the access to /etc/shadow is given only to the hands of the system administrators.
The concept of rainbow tables is similar to hash collision attack, without using a complicated attack model. Rainbow tables use simple hash chains, which enables more effective ways of determining the password for a given hash, although there is a catch. The hash of the password must be known to the attacker, if not it is almost impossible to gain access in a system that checks the number of attempts and has various other constraints. For more information on the working of Rainbow tables, refer Wikipedia: Rainbow_Table. We did not want to duplicate the efforts of others, and hence we just wanted to link to other “well-known” resources that could point you in the right direction. There are many tools that make use of this concept in penetrating or testing secure environment. We would be discussing further about such tools in the corresponding tools section.
Defense against this type of attack or attacks that use rainbow table includes:
Stronger passwords would not make a significant difference in providing counter or preventive measure in this case as the target is not the password itself, but the weakness in the hashing system. The weakness in the hash based system is the length of the password hash. As long as computing power of the systems and machines used by the attackers keep increasing, the length of the hash and the algorithmic strength of hashing function should keep changing to keep up with the attackers. It is always an ongoing war between the good and the bad and it is very hard for one to go beyond the other by a significant distance. This is because one catches up with the other (be it good or bad), with the commonalities among them (computing power, algorithmic strengths and weaknesses, etc.).