Overview
When a user creates a password, a well-designed system does not store the password itself but a 'hash' of it (the output of a one-way function, from which the password cannot be computed directly). A rainbow table is a precomputed structure that lets an attacker reverse such hashes for a large set of candidate passwords without storing every hash and password pair: candidates are linked into chains by alternating the hash function with a 'reduction' function that maps a hash back to another candidate password, and only each chain's start and end point is kept. It trades a large one-time computation and storage cost for fast lookups later.
How it Works
An attacker who obtains password hashes (for example from a breached user database) does not hash every guess as a brute force attack would. Instead, the stolen hash is reduced to a candidate password and the chain walked forward until it reaches an end point stored in the table; the chain is then replayed from its stored start point to find the password whose hash matches. Only unsalted hashes of a fixed, fast function (plain MD5, SHA-1, SHA-256, NTLM and the like) can be attacked this way, because the table has to be built for exactly that function.
Prevention
- Salting: Adding a unique, random value (a 'salt', typically 16 bytes from a cryptographically secure random generator) to each password before hashing it, and storing the salt next to the hash; the salt does not need to be secret. Because every salt changes every hash, the attacker would need a separate table for every salt, which removes the one-time precomputation advantage that makes rainbow tables worthwhile. A salt defeats precomputation only: it does not slow down guessing against a single hash, so it should be used with a deliberately slow password hash (bcrypt, scrypt or Argon2), which apply a salt as part of their design.
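The chain construction and lookup described above, together with the salted case that defeats it, as an added example that is not part of the original page: a toy rainbow table in Python over a keyspace of three lowercase letters (17,576 candidates) hashed with unsalted SHA-256. The reduction function, chain length, number of chains and the salt value are assumptions chosen for illustration, not parameters from any real tool.

```python
"""Toy rainbow table (Oechslin-style chains with one reduction function per
step) over a 3-lowercase-letter keyspace hashed with unsalted SHA-256, and a
salted hash that the same table cannot reverse.  Added example; all parameters
are illustrative assumptions."""
import hashlib
import random
import string
from typing import Dict, List, Optional

ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN


def fast_hash(password: str) -> bytes:
    """Unsalted SHA-256, standing in for any fast, unsalted password hash."""
    return hashlib.sha256(password.encode()).digest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """Same function with a per-user salt prepended (the defence from the text)."""
    return hashlib.sha256(salt + password.encode()).digest()


def reduce_fn(digest: bytes, step: int) -> str:
    """Reduction function R_step: map a digest back into the password keyspace.
    Mixing in `step` gives every chain position its own reduction function,
    which is what limits chain merges compared with plain Hellman chains."""
    n = (int.from_bytes(digest[:8], "big") + step) % KEYSPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


class RainbowTable:
    def __init__(self, starts: List[str], chain_len: int) -> None:
        self.chain_len = chain_len
        # Only start and end points are stored; intermediate hashes are
        # recomputed during lookup.  That is the time/memory trade-off.
        self.ends: Dict[str, List[str]] = {}
        for start in starts:
            end = self._walk(start, 0, chain_len)
            self.ends.setdefault(end, []).append(start)

    def _walk(self, password: str, from_step: int, to_step: int) -> str:
        """Advance a chain from position from_step to position to_step."""
        for step in range(from_step, to_step):
            password = reduce_fn(fast_hash(password), step)
        return password

    def lookup(self, target: bytes) -> Optional[str]:
        """Recover the password behind `target` without hashing the whole keyspace."""
        # Assume the target sits at chain position i (tried from last to first),
        # finish the chain from there and check whether its end is in the table.
        for i in range(self.chain_len - 1, -1, -1):
            end = self._walk(reduce_fn(target, i), i + 1, self.chain_len)
            for start in self.ends.get(end, ()):
                # Replay the chain from its start up to position i and verify:
                # merged chains produce false alarms, so the hash must be checked.
                candidate = self._walk(start, 0, i)
                if fast_hash(candidate) == target:
                    return candidate
        return None


def build_demo_table(chains: int = 3000, chain_len: int = 50, seed: int = 1) -> RainbowTable:
    """Build a table from seeded pseudo-random start points so runs are repeatable."""
    rng = random.Random(seed)
    starts = ["".join(rng.choices(ALPHABET, k=PW_LEN)) for _ in range(chains)]
    return RainbowTable(starts, chain_len)


if __name__ == "__main__":
    table = build_demo_table()
    stolen = fast_hash("cat")  # constructed 'breached' hash, unsalted
    print("unsalted lookup:", table.lookup(stolen))
    salt = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed 16-byte salt
    print("salted lookup:", table.lookup(salted_hash("cat", salt)))
```

Coverage of a rainbow table is probabilistic, so a given password such as "cat" may or may not be recovered by the demo table, whereas any password used as a chain start is always recoverable. The salted lookup never succeeds because the table only ever tries three-letter candidates, and no such candidate hashes to the salted value; an attacker would have to build a new table for that salt, which is the point made under Prevention.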