312-50V10 · Question #213
How can rainbow tables be defeated?
The correct answer is A. Password salting. Password salting defeats rainbow table attacks by appending a unique random value to each password before hashing, ensuring that precomputed hash chains cannot match any stored hash.
Question
How can rainbow tables be defeated?
Options
- APassword salting
- BUse of non-dictionary words
- CAll uppercase character passwords
- DLockout accounts under brute force password cracking attempts
How the community answered
(40 responses)- A95% (38)
- B3% (1)
- C3% (1)
Why each option
Password salting defeats rainbow table attacks by appending a unique random value to each password before hashing, ensuring that precomputed hash chains cannot match any stored hash.
A rainbow table is a precomputed lookup table mapping hash values back to plaintext passwords. Salting appends a unique random string (the salt) to each password before hashing, so two users with identical passwords produce completely different hashes. Because the salt is unique per credential, an attacker would need to rebuild the entire rainbow table for every possible salt value, making the attack computationally infeasible.
Avoiding dictionary words protects against dictionary and brute-force attacks but does not prevent a rainbow table lookup if the hash of that complex password was precomputed.
Using all uppercase characters reduces the character set and is trivially accommodated by including uppercase variants in a rainbow table; it does not defeat the precomputed-table attack.
Account lockout mitigates online brute-force attempts against a live authentication service but has no effect on offline rainbow table attacks against a stolen hash database.
Concept tested: Password salting to defeat rainbow table attacks
Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
Topics
Community Discussion
No community discussion yet for this question.