312-50V9 · Question #410
How can rainbow tables be defeated?
The correct answer is A. Password salting. Password salting defeats rainbow table attacks by appending a unique random value to each password before hashing, making precomputed hash lookups useless.
Question
How can rainbow tables be defeated?
Options
- APassword salting
- BUse of non-dictionary words
- CAll uppercase character passwords
- DLockout accounts under brute force password cracking attempts
How the community answered
(46 responses)- A93% (43)
- B2% (1)
- D4% (2)
Why each option
Password salting defeats rainbow table attacks by appending a unique random value to each password before hashing, making precomputed hash lookups useless.
Rainbow tables are precomputed tables mapping hash values back to plaintext passwords. Salting adds a unique random string to each password before it is hashed, so even identical passwords produce different hashes. This means an attacker would need a separate rainbow table for every possible salt value, which is computationally infeasible.
Non-dictionary words help against dictionary attacks but not rainbow tables, which can contain hashes of arbitrary strings including non-dictionary words if the table is large enough.
Using all uppercase characters merely reduces the character set and does not prevent rainbow table lookups since tables can be built for any character set.
Account lockout policies mitigate online brute force attacks but are irrelevant against rainbow table attacks, which are performed offline against stolen hash databases.
Concept tested: Defeating rainbow table attacks with password salting
Source: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
Topics
Community Discussion
No community discussion yet for this question.