Rainbow Table
A rainbow table is a precomputed structure that reverses unsalted password hashes by trading storage for computation. Per-user salts defeat it entirely.
A rainbow table is a precomputed data structure that lets an attacker recover passwords from their hashes far faster than brute force, by trading memory for computation. It stores cleverly compressed chains of alternating hashing and reduction steps, so a huge keyspace fits in feasible storage.
Rainbow tables only work against hashes that are both fast and unsalted — for example raw MD5, SHA-1, or NTLM password hashes. Two defenses break them completely:
- A unique salt per password means a precomputed table is worthless, since it would have to be rebuilt for every salt.
- A slow, memory-hard key derivation function like Argon2 makes building any table prohibitively expensive.
This is why "just hash the password with SHA-256" is unsafe. The correct approach is covered in "password hashing done right".
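The two defenses above, as an added example that is not part of the original entry: a plain dictionary stands in for a real rainbow table's compressed chains, and the standard library's scrypt is used in place of Argon2 as the memory-hard function. All names and sample accounts are constructed for illustration.

```python
import hashlib, hmac, os

# Constructed sample data: a candidate list and three accounts,
# two of which share a password.
CANDIDATES = ["123456", "letmein", "hunter2", "correct horse"]
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "letmein"}

def unsalted(pw):
    """The unsafe scheme from the text: one fast hash, no salt."""
    return hashlib.sha256(pw.encode()).digest()

def salted_slow(pw, salt):
    """Memory-hard KDF (scrypt, about 16 MiB per call) keyed by a salt."""
    return hashlib.scrypt(pw.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def enroll(pw):
    """Store a fresh random salt next to the derived hash."""
    salt = os.urandom(16)
    return salt, salted_slow(pw, salt)

def verify(pw, salt, digest):
    """Recompute with the stored salt; compare in constant time."""
    return hmac.compare_digest(salted_slow(pw, salt), digest)

def precompute(hash_fn):
    """Stand-in for a rainbow table: hash -> password, built once."""
    return {hash_fn(pw): pw for pw in CANDIDATES}

def covered(table, digests):
    """Accounts whose stored hash appears in a precomputed table."""
    return sorted(u for u, d in digests.items() if d in table)

def audit():
    weak = {u: unsalted(pw) for u, pw in USERS.items()}
    strong = {u: enroll(pw) for u, pw in USERS.items()}
    strong_digests = {u: d for u, (_, d) in strong.items()}
    alice_salt = strong["alice"][0]
    return {
        # One table covers every unsalted record.
        "unsalted": covered(precompute(unsalted), weak),
        # A table built for alice's salt covers alice only, although
        # bob has the same password: it must be rebuilt per salt.
        "salted": covered(precompute(lambda pw: salted_slow(pw, alice_salt)),
                          strong_digests),
        "login_ok": verify("hunter2", *strong["alice"]),
        "login_bad": verify("letmein", *strong["alice"]),
    }

if __name__ == "__main__":
    print(audit())
```

Each scrypt call here costs orders of magnitude more than one SHA-256, and that cost is paid again for every salt, which is what makes precomputation impractical.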