A rainbow table is a used to break passwords that have been encrypted into a hash. Rainbow tables are huge sets of precomputed hashes for nearly every possible combination of special characters, letters, and symbols. Password attacks that use brute force methods to break password may compute hash values on the fly, but using rainbow tables the entire data set of hash values are readily available in Random Access Memory (RAM).
The file size of the rainbow table depends on whether you want to load hash values for just letters, letters and numbers, or all characters. File size can be an important consideration due to the large amount of data contained within rainbow tables. A rainbow table can require many gigabytes of storage space. Large rainbow tables can contain trillions of hashes.
Rainbow table are specific to the characters used in the password to be cracked and the password’s length. This means that if a password is too long or uses a character that is not in the rainbow table then it cannot be cracked with that specific table.
Attackers generally use rainbow tables on large databases of stolen password hashes. It is impractical for attackers to use rainbow tables on single compromised machine because it is easier to use password resetting software. One possible defense against rainbow table attacks is “salting” stored passwords.
Salting is a technique to make it difficult to discover passwords through incorporating a special prefix. An administrator salts passwords by adding a random string of characters to the passwords before hashing. Unless the attacker knows the salt value to be removed, they will not be able to reveal the true password. Trying to break a salted password increases the time and complexity required, hopefully making large scale cracking impractical. Using salts also makes other password attacks, such as dictionary and brute force attacks, require more time to break hashes.