Security and "Rainbow Tables"

01-30-2012, 11:50 PM
Can someone help me get a better understanding of how a hacker would use a "Rainbow Table" to more effectively attack my website?

First off, a Rainbow Table is just something like this, right?

Password    Hashed Password
12345       90217633
password    78019345
LetMeIn     25334109
qwerty      88012542


01-31-2012, 12:09 AM
A hacker will try to find matching hashes in the database which will then allow them to attempt to calculate and find various letters in the password. The more of these they can establish the worse your chances.

To counter this, we use what is called salt - a random string added on to the password so that if 4 or 5 users use the same password, it will still be different, creating a unique hash in the database. You can store each user's salt in the password with the rest of their account details.

You can also use vinegar - another string which is applied to the password which is hard-coded into the PHP script. I personally use salt and vinegar in my own code but you can just use salt and be done with it.
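
An added example, not part of either post above: it shows why a precomputed table like the one in the question matches unsalted hashes, and why a per-user salt plus a "vinegar" secret makes the same table useless. It is written in Python rather than the PHP the reply mentions, and the function names, the vinegar value, the choice of PBKDF2 and the iteration count are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny precomputed table of unsalted hashes,
# standing in for the lookup table the question describes.
COMMON = ["12345", "password", "LetMeIn", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}

# "Vinegar" (usually called a pepper): one secret kept in code/config,
# not in the database. Placeholder value for the example only.
VINEGAR = b"example-only-vinegar-change-me"
ITERATIONS = 200_000  # assumed work factor for PBKDF2


def unsalted_hash(password):
    """The weak scheme: the same password always gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, hash) using a per-user random salt plus the vinegar."""
    if salt is None:
        salt = os.urandom(16)
    # Mix in the vinegar with HMAC, then stretch with the per-user salt.
    peppered = hmac.new(VINEGAR, password.encode(), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest.hex()


def verify_password(password, salt, stored_hash):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_hash)


def table_lookup(stored_hash):
    """What the precomputed table recovers from a stored hash, if anything."""
    return PRECOMPUTED.get(stored_hash)


if __name__ == "__main__":
    print(table_lookup(unsalted_hash("qwerty")))      # unsalted hash is in the table
    salt_a, hash_a = hash_password("qwerty")
    salt_b, hash_b = hash_password("qwerty")
    print(hash_a == hash_b)                           # two users, same password
    print(table_lookup(hash_a))                       # salted hash vs. the table
    print(verify_password("qwerty", salt_a, hash_a))  # normal login check
```

The salt is stored next to the hash in the user's row; the vinegar stays out of the database, so a dump of the table alone does not contain everything needed to recompute the hashes.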