4

Using Reverse Lookup Tables, you create a lookup table consisting of the password hash of user accounts. Then you use another table which consists of hashes with guessed passwords. Then you compare the two to see if the hashed password of compromised user account matches hashed password in lookup table.

Using Rainbow Tables, it appears to be the same technique except the lookup table is smaller so you can search through them quicker.

What is the real difference between reverse lookup tables and rainbow tables?

JohnMerlino
  • 248
  • 1
  • 4
  • 9
  • There is no essential difference. The only distinction tends to be that of "size" (if at all). – Oded Aug 12 '14 at 18:37
  • @Oded then why do experts say that you need a salt to solve rainbow table problem, whereas a hash like sha1 can solve reverse lookup table problem, but not rainbow table problem. – JohnMerlino Aug 12 '14 at 18:53
  • Where do the experts say that? – Oded Aug 12 '14 at 18:53
  • @Oded https://crackstation.net/hashing-security.htm if the two were virtually the same thing, then there wouldn't be separate names for them. – JohnMerlino Aug 12 '14 at 18:55
  • I think @Oded is correct, size is the determining factor. A reverse lookup table is likely to be incomplete, maybe only having entries for common passwords. My understanding of a rainbow table is it contains _all_ possible values, the same way a rainbow contains _all_ possible colors in the visible spectrum. –  Aug 12 '14 at 20:33
  • 4
    Rainbow tables are a specific lookup table compression technique so the size of the table is not linear in the number of passwords. – CodesInChaos Aug 15 '14 at 08:01

1 Answers1

4

Wikipedia explicitly calls out the difference between a rainbow table and a "simple lookup table" as being multiple entries per hash vs. one entry per hash. See the opening paragraph.

J Trana
  • 1,369
  • 9
  • 17