Rainbow Table Defense Simulator

Learn how rainbow table attacks work and why proper password hashing with salting is essential for security

Security Education Tool

This simulator helps developers and security professionals understand why password salting and proper hashing algorithms are essential. Learn to build more secure authentication systems.

What is a Rainbow Table?

A rainbow table is a precomputed lookup table for cracking password hashes. It trades computational time for storage space by precomputing hash chains.

1. Hash Password: password -> 5f4dcc3b
2. Reduce Hash: 5f4dcc3b -> pass123
3. Repeat Chain: ... -> end value

Interactive Chain Generator

Space-Time Tradeoff

Storage Required: 1.6 MB
Avg. Hash Operations: 500.0K
Success Rate: 4.6%
Passwords Covered: 100.0M
[Chart labels: Chain Length, Storage, Lookup Time]

Rainbow Table Lookup Simulation

See how a rainbow table attack works by looking up a hash.

Defense Against Rainbow Tables

Salting

Add a unique random value (salt) to each password before hashing. This makes precomputed tables useless.

hash(salt + password) - Highly Effective

Key Stretching

Use slow hash functions like bcrypt, scrypt, or Argon2 that make both table generation and lookup expensive.

bcrypt(password, cost=12) - Highly Effective

Strong Passwords

Longer, complex passwords exponentially increase the search space, making tables impractical.

20+ chars with symbols - Moderately Effective

Pepper

Add a secret server-side value (pepper) in addition to the salt. Even if the database is leaked, the hashes are useless.

hash(pepper + salt + password) - Highly Effective
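
As an added example (not part of the original simulator), the Python sketch below shows an unsalted MD5 hash being found in a precomputed table, the same password missing from that table once a random salt is mixed in, and a storage scheme that combines salt, scrypt key stretching and a pepper. The word list, pepper value, scrypt parameters and function names are constructed for the demo, and applying the pepper as an HMAC key is one common choice rather than the literal hash(pepper + salt + password) concatenation.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

# Constructed stand-in for a precomputed table: unsalted MD5 of a tiny word list.
WORDS = ["password", "pass123", "letmein"]
PRECOMPUTED = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDS}

# Constructed demo pepper; assumed to be loaded from outside the database in real use.
PEPPER = b"demo-pepper-not-for-production"
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32, maxmem=64 * 1024 * 1024)


def md5_hex(data: bytes) -> str:
    """Fast, unstretched hash: the scheme the page says never to use for storage."""
    return hashlib.md5(data).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest): pepper via HMAC, per-user random salt, scrypt stretching."""
    salt = secrets.token_bytes(16) if salt is None else salt
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    return salt, hashlib.scrypt(peppered, salt=salt, **SCRYPT)


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


def demo(password: str = "password") -> dict:
    salt = secrets.token_bytes(16)
    salt_a, digest_a = hash_password(password)  # user A
    salt_b, digest_b = hash_password(password)  # user B, same password
    return {
        # Unsalted: the stored hash is a key in the precomputed table.
        "unsalted_found": PRECOMPUTED.get(md5_hex(password.encode())),
        # Salted, even with the same fast hash: the table has no matching entry.
        "salted_found": PRECOMPUTED.get(md5_hex(salt + password.encode())),
        "same_digest_for_two_users": digest_a == digest_b,
        "correct_password_verifies": verify_password(password, salt_a, digest_a),
        "wrong_password_verifies": verify_password("pass123", salt_b, digest_b),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the digest in the user record; the pepper is kept out of the database so a database leak alone does not expose it.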

Key Takeaways

Rainbow tables trade storage space for computation time - larger tables mean faster lookups.

Salting defeats rainbow tables by making each hash unique, requiring a new table per salt.

Modern password hashing algorithms (bcrypt, Argon2) are designed to be resistant to these attacks.

Never use unsalted MD5 or SHA-1 for password storage - they are vulnerable to rainbow table attacks.