Exam SY0-501 topic 1 question 69 discussion

C Rainbow tables Password Salting Password salting is the process of securing password hashes from something called a ***Rainbow Table attack***. The problem with non-salted passwords is that they do not have a property that is unique to themselves – that is, if someone had a precomputed rainbow table of common password hashes, they could easily compare them to a database and see who had used which common password. A rainbow table is a pre-generated list of hash inputs to outputs, to quickly be able to look up an input (in this case, a password), from its hash. However, a rainbow table attack is only possible because the output of a hash function is always the same with the same input. So how do we make each hashed password in a database unique? We add something called a salt to the input to the hash function. A salt is basically some random data that is unique to each user, that is saved with their password and used in the hashing process of both storing and verifying the password.

it's Rainbow

Salt makes the rainbow go away.

Rainbow: The Rainbow method uses password and precomputed hash. If you have Password + salting, there is no way to recover the password using precomputed hash since it gets only the password not the password + salting

According to Gibson's book, it states that "Both using salting techniques to increase the complexity of passwords and thwart brute force and rainbow attacks."

C. Rainbow Tables per Professor Messer: "Rainbow tables wont work with Salted Hashes"

Rainbow

A public salt does two things: makes it more time-consuming to crack a large list of passwords, and makes it infeasible to use a rainbow table.

B. Dictionary