{"id":472,"date":"2021-07-06T09:31:09","date_gmt":"2021-07-06T07:31:09","guid":{"rendered":"https:\/\/infosecscout.com\/?p=472"},"modified":"2023-11-22T13:00:14","modified_gmt":"2023-11-22T12:00:14","slug":"what-is-a-rainbow-table","status":"publish","type":"post","link":"https:\/\/infosecscout.com\/what-is-a-rainbow-table\/","title":{"rendered":"What is a Rainbow Table? (MD5 Decryption Strategy)"},"content":{"rendered":"\n<p>The MD5 algorithm is a one-way hash function, it&#8217;s not reversible, so there is no way to decrypt a MD5 hash &#8220;automatically&#8221;. However, current technologies allow us to use different strategies to crack MD5 hashes and find the original word. Using a rainbow table is one of them, and that&#8217;s what I&#8217;ll introduce in this article.<\/p>\n\n\n\n<p><strong>A rainbow table is a pre-generated file that is optimized for fast password cracking. It contains all the words like a dictionary, but also the hash equivalent. They take more disk space but are faster to use than other attack methods.<\/strong><\/p>\n\n\n\n<p>In this article, we&#8217;ll see what why it&#8217;s a good strategy, how it works and how you can generate them.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/infosecscout.com\/what-is-a-rainbow-table\/#What_are_rainbow_tables_used_for\" title=\"What are rainbow tables used for?\">What are rainbow tables used for?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/infosecscout.com\/what-is-a-rainbow-table\/#How_does_a_rainbow_table_attack_work\" title=\"How does a rainbow table attack work?\">How does a rainbow table attack work?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/infosecscout.com\/what-is-a-rainbow-table\/#How_to_generate_a_rainbow_table\" title=\"How to generate a rainbow table?\">How to generate a rainbow table?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/infosecscout.com\/what-is-a-rainbow-table\/#How_big_is_a_rainbow_table\" title=\"How big is a rainbow table?\">How big is a rainbow table?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/infosecscout.com\/what-is-a-rainbow-table\/#What_is_the_best_defense_against_rainbow_table_attacks\" title=\"What is the best defense against rainbow table attacks?\">What is the best defense against rainbow table attacks?<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_are_rainbow_tables_used_for\"><\/span>What are rainbow tables used for?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>Rainbow tables are computed files containing hashes and their password equivalents. Using a rainbow table is a common attack used by hackers to crack passwords and find the clear text version of them from a hashed value stored in a database.<\/strong><\/p>\n\n\n\n<p>As a reminder, passwords are generally not stored in clear text in website databases. Most of the time, developers put some security layers in place to avoid any major issue if the database is stolen. <\/p>\n\n\n\n<p>MD5 was one of the most common hash function used in the past to do this. Other algorithms are now being used, as <a href=\"https:\/\/infosecscout.com\/why-md5-is-not-safe\/\" data-type=\"post\" data-id=\"53\">MD5 is <\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/infosecscout.com\/why-md5-is-not-safe\/\" data-type=\"post\" data-id=\"53\" target=\"_blank\">n<\/a><a href=\"https:\/\/infosecscout.com\/why-md5-is-not-safe\/\" data-type=\"post\" data-id=\"53\">o<\/a><a rel=\"noreferrer noopener\" href=\"https:\/\/infosecscout.com\/why-md5-is-not-safe\/\" data-type=\"post\" data-id=\"53\" target=\"_blank\"> l<\/a><a href=\"https:\/\/infosecscout.com\/why-md5-is-not-safe\/\" data-type=\"post\" data-id=\"53\">onger safe<\/a> to do this, but the idea is the same.<\/p>\n\n\n\n<p>Hackers can use different strategies to crack password (dictionary, <a rel=\"noreferrer noopener\" href=\"https:\/\/infosecscout.com\/how-to-brute-force-a-password\/\" data-type=\"post\" data-id=\"56\" target=\"_blank\">brute force<\/a> and rainbow tables are the most common ones). In this article, we&#8217;ll focus on the rainbow table attack, but you can find explanation about the other ones on this website if you are interested too.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_does_a_rainbow_table_attack_work\"><\/span>How does a rainbow table attack work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>A rainbow table attack uses a pre-generated file containing hashes and their plain text equivalents to crack passwords stored in a database. If there is a match between a hash in the database and one in the rainbow table, the authentication is now possible, the password has been cracked.<\/strong><\/p>\n\n\n\n<p>Tools like RainbowCrack are often used to generate and use that kind of table (see next question). The generation process is complicated, but these tools will help a lot and using the tables once generated is straightforward, in short:<\/p>\n\n\n\n<ul>\n<li>A hash is identified in the website database<\/li>\n\n\n\n<li>The hacker run a search command to see if the hash is present in the rainbow table<\/li>\n\n\n\n<li>If there is a match, the hacker can now access the user account<\/li>\n<\/ul>\n\n\n\n<p>The bigger the rainbow table is, the more chance there is to have a match.<\/p>\n\n\n\n<figure class=\"wp-block-embed aligncenter is-type-video is-provider-youtube wp-block-embed-youtube\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Generating Rainbow Tables With RainbowCrack\" width=\"720\" height=\"405\" src=\"https:\/\/www.youtube.com\/embed\/O9E1PVZneqg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_generate_a_rainbow_table\"><\/span>How to generate a rainbow table?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>The easiest way to generate a rainbow table is to use a tool name RainbowCrack. It&#8217;s available on Windows and Linux and can generate tables for different hash algorithms (including MD5, SHA1 and SHA256).<\/strong><\/p>\n\n\n\n<p>To generate a table, you need to use the rtgen command. There are a few parameters required:<\/p>\n\n\n\n<ul>\n<li><strong>The algorithm<\/strong>: for example MD5 is a common used algorithm in rainbow tables<\/li>\n\n\n\n<li><strong>The charset<\/strong>: what kind of word it should generate in the file (digits, alpha-numeric in lower case, special characters, etc.).<\/li>\n\n\n\n<li><strong>The words length<\/strong> (min and max).<\/li>\n\n\n\n<li>Table generation functions<\/li>\n\n\n\n<li>And the last parameter is to tell if you want to split the file in several small files or not<\/li>\n<\/ul>\n\n\n\n<p>If you are interested in trying this, I explain everything in my book &#8220;<a rel=\"noreferrer noopener\" href=\"https:\/\/md5online.org\/ebook.html\" target=\"_blank\">The Secrets of MD5 Decryption<\/a>&#8220;. I highly recommend reading it if you want to learn everything about the rainbow table strategy, but also the other listed previously (brute force and dictionary, for example).<\/p>\n\n\n\n<p>The generation will take more or less time depending on these parameters. Once the rainbow table generated, you can use another command included in RainbowCrack (rcrack) to check if a specific hash is present in the table.<br>Here is an example with an MD5 hash:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"905\" height=\"610\" src=\"https:\/\/infosecscout.com\/wp-content\/uploads\/2021\/07\/rcrack.jpg\" alt=\"\" class=\"wp-image-475\" srcset=\"https:\/\/infosecscout.com\/wp-content\/uploads\/2021\/07\/rcrack.jpg 905w, https:\/\/infosecscout.com\/wp-content\/uploads\/2021\/07\/rcrack-300x202.jpg 300w, https:\/\/infosecscout.com\/wp-content\/uploads\/2021\/07\/rcrack-768x518.jpg 768w\" sizes=\"(max-width: 905px) 100vw, 905px\" \/><\/figure><\/div>\n\n\n<p>As you can see, my basic password (&#8220;abcd&#8221;) has been found in my rainbow table, the cracking is a success in this case, and the tool stop automatically.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_big_is_a_rainbow_table\"><\/span>How big is a rainbow table?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>The size of a rainbow table will be between a few megabytes and several petabytes, depending on the character set used and passwords length. For example, a 7-characters lowercase only table will take 35 MB, while an 8-characters alphanumeric table will require 1 TB.<\/strong><\/p>\n\n\n\n<p>By using the different options in RainbowCrack, it&#8217;s possible to adjust the result to make sure it fits on your hard drive or server. But basically, make sure you have large disks if you are interested in testing this at a sufficient scale. If you don&#8217;t have space for more than 7-characters passwords, a <a rel=\"noreferrer noopener\" href=\"https:\/\/infosecscout.com\/how-to-brute-force-a-password\/\" data-type=\"post\" data-id=\"56\" target=\"_blank\">brute force attack is probably a better strategy<\/a>.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.tobtu.com\/rtcalc.php\" target=\"_blank\" rel=\"noreferrer noopener\">Tobtu.com<\/a> has a tool that can help you to better estimate the file size you&#8217;ll generate with RainbowCrack. It&#8217;s not perfect, but it should give you a decent guess.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_the_best_defense_against_rainbow_table_attacks\"><\/span>What is the best defense against rainbow table attacks?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong>As a general rule, the best defense against any attack, including rainbow tables, it to use long passwords, with a minimum complexity level and store them in a database by using a strong algorithm and salt. The longer the password are, the harder it will be to crack them.<\/strong><\/p>\n\n\n\n<p>Even if it helps, complexity is not really the most important factor to slow down hackers, length is. <a href=\"https:\/\/infosecscout.com\/is-md5-easy-to-crack\/\" data-type=\"post\" data-id=\"449\" target=\"_blank\" rel=\"noreferrer noopener\">As explained in this article<\/a>, there is a major difference in the attack duration for an 8-characters passwords and a 10-charaters password.<\/p>\n\n\n\n<p>Users need to use longer passwords, even passphrase are pretty good if not too obvious, and developers must use salt to limit any major problem if a hacker get access to the database (on top of other security measures obviously).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The MD5 algorithm is a one-way hash function, it&#8217;s not reversible, so there is no way to decrypt a MD5 hash &#8220;automatically&#8221;. However, current technologies allow us to use different strategies to crack MD5 hashes and find the original word. Using a rainbow table is one of them, and that&#8217;s what I&#8217;ll introduce in this&#8230;<\/p>\n","protected":false},"author":1,"featured_media":477,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[15],"tags":[],"taxonomy_info":{"category":[{"value":15,"label":"Hacking"}]},"featured_image_src_large":["https:\/\/infosecscout.com\/wp-content\/uploads\/2021\/07\/rainbow-table-attack-1024x683.jpg",1024,683,true],"author_info":{"display_name":"Patrick Fromaget","author_link":"https:\/\/infosecscout.com\/about\/"},"comment_info":0,"category_info":[{"term_id":15,"name":"Hacking","slug":"hacking","term_group":0,"term_taxonomy_id":15,"taxonomy":"category","description":"Ready to level up? Our Hacking Guides have you covered with step-by-step instructions on using tools like Hashcat. It's hacking made simple and fun!","parent":0,"count":15,"filter":"raw","cat_ID":15,"category_count":15,"category_description":"Ready to level up? Our Hacking Guides have you covered with step-by-step instructions on using tools like Hashcat. It's hacking made simple and fun!","cat_name":"Hacking","category_nicename":"hacking","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/posts\/472"}],"collection":[{"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/comments?post=472"}],"version-history":[{"count":5,"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/posts\/472\/revisions"}],"predecessor-version":[{"id":680,"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/posts\/472\/revisions\/680"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/media\/477"}],"wp:attachment":[{"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/media?parent=472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/categories?post=472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosecscout.com\/wp-json\/wp\/v2\/tags?post=472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}