Rainbow tables are usually mistaken for pre-computed hash tables (also called lookup tables), but they actually serve a distinct and unique purpose.
This type of strategy for attacking hashes differs from hash/lookup tables in that rainbow tables:
– Require less storage
– Require more processing time
– Are capable of targeting more complex passwords (and thus a wider range of passwords)
This is achieved through an interesting logic. In brief, a rainbow table stores chains of computed hashes – but not the entire chain; rather, only the first and last values of a chain (whose size is arbitrary). The longer a chain, the more time required to recreate it when attempting to find a hash, but the less storage required, since only the first and last values are stored.
Chain calculation relies on the hashing algorithm utilized by the targeted software, so each chain will only be effective against that algorithm. Another portion of the chain calculation process are reduction functions whose sole purpose is to turn a calculated hash back into a string of pre-determined length.
Rainbow tables usually utilize different reduction functions on the same chain in order to reduce the chance that different chains will merge due to collisions resulting from the reduction function.