SaltedHash
SaltedHashTech
Schedule a Meeting
Cybersecurity InsightsCryptography

Rainbow Tables Explained: The Math Behind Password Cracking

Shariar R., CEO
January 21, 2026
Rainbow Tables Explained: The Math Behind Password Cracking

In the early days of the internet, security relied on a simple assumption: "One-way math is unbreakable." We believed that because you couldn't reverse a hash, stolen password databases were safe. But in 2003, a Swiss researcher named Philippe Oechslin proved the industry wrong. He didn't just crack passwords, he industrialized the process.

This is the story of the Rainbow Table, the specific cryptographic attack that forced the world to change how it stores data.

The Problem: Time vs. Memory

Before Rainbow Tables, hackers had two bad options:

  1. Brute Force: Try every possible password combination. This takes zero storage but effectively infinite time, which is CPU heavy.

  1. Lookup Tables: Pre-calculate every possible password hash and store them in a list. This is instant, but requires a larger hard drive, which is Storage heavy.

In 1980, Martin Hellman proposed a middle ground called the Time-Memory Tradeoff. He argued: What if we could use a manageable amount of storage to drastically speed up the time?

The Breakthrough: Reduction Chains

This is the part most explainers skip, but it is the genius of the attack. A Rainbow Table does not store every password. It compresses billions of passwords into Chains.

Imagine you want to map a path from Password A to Hash Z.

  1. Step 1: Hash the password (admin to x78y...).
  2. Step 2: Apply a Reduction Function. This is a special formula that takes a random hash and "reduces" it back into a readable text string. It converts the hex code into a new word like blue.
  3. Step 3: Hash that new word.
  4. Repeat: Do this thousands of times.

The attacker does this loop offline for months, creating millions of chains. But here is the magic: They delete the middle. They only save the Start Point and the End Point of the chain. This means a 10 GB file can represent the same data as a 100 Terabyte lookup table.

The Attack in Action

When an attacker steals a database and sees a hash they want to crack:

  1. They run the reduction/hash loop on the stolen hash.
  2. They check if the result matches any of the End Points in their condensed table.
  3. If it matches, they can reconstruct the entire chain backward to reveal the original password.

What used to take supercomputers days could now be done on a laptop in seconds. Oechslin famously demonstrated this by cracking Windows LAN Manager passwords live at a conference in under a minute.

Why They Failed and Why We Use Salt

Rainbow Tables were a silver bullet for about five years. They destroyed Windows XP and early Unix systems. But they had a fatal flaw: They were pre-computed.

A Rainbow Table only works against a specific hash type like MD5 on a standard list. The security industry responded with Salting. By adding a unique, random string to every user's password before hashing it, engineers broke the chains. To use a Rainbow Table against a salted database, an attacker would have to build a brand-new table for every single user, which is mathematically impossible.

The Lesson

Rainbow Tables are rarely used in modern attacks, but they remain a critical lesson in cybersecurity history. They taught us that hard math isn't enough if the input is predictable. At SaltedHash Tech, we keep this history in mind. We know that standard defenses eventually get broken by clever engineering. The only true defense is unpredictability.

Back to Blogs