Rainbow table
A rainbow table is a precomputed structure used to look up likely inputs for unsalted password hashes.
Definition
A rainbow table is a precomputed data structure for reversing many possible hash values back to candidate inputs, usually passwords. Instead of hashing guesses after a database leak, an attacker prepares chains of hashes and reductions in advance and stores enough information to recover likely matches later.
Rainbow tables are most useful against fast, unsalted hashes of human-chosen passwords. They are not magic decryption: they only cover the input space and algorithm used to build the table.
How it works
Classic lookup tables store many direct password-to-hash pairs. Rainbow tables reduce storage by keeping chain endpoints: a hash is reduced to another candidate input, hashed again, and repeated with changing reduction functions. During an attack, the target hash is walked through possible chain positions until a matching endpoint is found.
The trade-off is time versus storage. Building useful tables can be expensive, but once built they can test many matching unsalted hashes quickly.
Defense
A unique random salt per password makes one precomputed table useless across many accounts, because the salt changes the value being hashed. Slow password-hashing functions such as Argon2id, bcrypt, and PBKDF2 further raise the cost of each guess.
Salts do not make weak passwords strong, and raw fast hashes such as MD5 or SHA-1 are still poor password-storage choices even when salted. Store passwords with a dedicated password-hashing function and current cost parameters.
A unique random salt makes precomputed tables for unsalted hashes ineffective across accounts. Attackers would need separate work for each salt.
No. Brute force computes guesses during the attack; a rainbow table moves much of that work into a precomputation phase.
No. They only cover the algorithms, salts, and candidate space used to build them. Long random secrets and salted slow password hashes are outside practical tables.