What is RainbowCrack?

RainbowCrack is a computer program that generates rainbow tables for use in password cracking. It differs from “conventional” brute-force crackers in that it uses large precomputed tables, called rainbow tables, to drastically reduce the time needed to crack a password.

How do hackers use rainbow tables?

A rainbow table is a precomputed table containing the hash values of plaintext passwords that could be used during the authentication process. If hackers gain access to the list of password hashes, they can crack all passwords very quickly with a rainbow table.

How can rainbow tables be defeated?

Rainbow table attacks can easily be prevented by salting: a salt is random data that is passed into the hash function along with the plain text.

How do rainbow tables work?

Rainbow tables are tables of reversed hashes used to crack password hashes. Computer systems requiring passwords typically store the passwords as a hash value of the user’s password. When a computer user enters a password, the system hashes the password and compares it to the stored hash.

What is salting a password?

Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters to each password and then hashing the result. Salting prevents hackers who breach an enterprise environment from reverse-engineering passwords and stealing them from the database.
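The following added example (not code from the original page) shows unsalted storage next to salted storage. A plain hash-to-password dictionary stands in for the rainbow table; real rainbow tables use hash chains to save space, but the effect on unsalted hashes is the same. The function names, the sample password list, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a tiny stand-in for a precomputed table.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_hash(password):
    """Weak storage: bare SHA-256, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


# Built once, reusable against every unsalted hash that is ever leaked.
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def lookup(stored_hash):
    """Return the plaintext if the hash is in the precomputed table."""
    return PRECOMPUTED.get(stored_hash)


def store_salted(password):
    """Hardened storage: a fresh random salt per account plus a slow KDF."""
    salt = secrets.token_hex(16)  # 32 random hex characters
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), ITERATIONS)
    return salt, digest.hex()


def verify_salted(password, salt, stored_hex):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), ITERATIONS)
    return hmac.compare_digest(digest.hex(), stored_hex)


if __name__ == "__main__":
    # Unsalted: the table resolves the hash with one dictionary lookup.
    print("unsalted lookup:", lookup(unsalted_hash("letmein")))

    # Salted: two accounts with the same password store different values,
    # and neither value appears in the precomputed table.
    salt_a, hash_a = store_salted("letmein")
    salt_b, hash_b = store_salted("letmein")
    print("same stored value:", hash_a == hash_b)
    print("salted lookup:", lookup(hash_a))
    print("login check:", verify_salted("letmein", salt_a, hash_a))
```

The salt is stored next to the hash in the user record; it does not need to be secret, only unique per account.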

What is password spraying?

Password spraying is a type of brute force attack. In this attack, an attacker will brute force logins based on a list of usernames with default passwords on the application.

Is ophcrack safe?

Ophcrack (Figure B) is one of the most popular password recovery tools. It’s free (open source as well), cross platform, and very reliable.

What is a Pwdump file?

pwdump is the name of various Windows programs that output the LM and NTLM password hashes of local user accounts from the Security Account Manager (SAM) database and from the Active Directory domain’s users cache on the operating system.

Are rainbow tables still used?

This system was initially immune to rainbow table cracking, but rainbow tables now exist for both LM and NTLM hashes. Some people dismiss the threat of rainbow tables because they require access to a system’s password database (the Security Accounts Manager, or SAM).