Are there sha 512 rainbow tables available for download or what kind of dimensions and processing power would be required to generate them?

  • Do you mean SHA-512 or SHA-512 crypt? Rainbow tables only work against unsalted hashes, and even then it's dubious if they're actually better than directly using a GPU based cracker. – CodesInChaos Oct 21 '13 at 10:08

Possibly, but given their size - much more likely to download a generation tool and a word pattern list.

Rainbow tables are a carefully comprised collection of dictionary words and probable combinations in order to save on space.

A rainbow table sufficient for alphanumerical passwords of up to 9 characters is 864 GB in size. A rainbow table for this level entropy will be the size for any hash (MD5, SHA-1, SHA-512, etc) as rainbow tables are actually hashes hashed down to the entropy of the passwords (say, 254). The uniformity distribution requirement of the cryptographic hash makes this possible, but hashes with much larger bit space than the password entropy will have some collisions when hashed down to lower entropy level. Hence the "success rate" column of the rainbow table.

As 900 GB is tolerable for a determined hacker and as people that use alphanumeric passwords less than 10 characters exist, websites will use random salting to foil a rainbow table plus often use a slow key derivation function like PBKDF2 or scrypt.

None of these truly stop matching of a hash to password in a (much slower "sparse" meta-mega) rainbow table if the attacker got their hands on the server's user table. Which is why not using the same password across multiple sites is important.

  • I don't think output size of the hash is relevant to rainbow tables. There is no reason for a rainbow table to store full hashes. – CodesInChaos Oct 21 '13 at 11:08
  • 1
    @CodesInChaos Yes, I've not deeply looked into rainbow table construction, but I'd assume that the success rate column (e.g. 99.9%) refers to hashes that are themselves hashed to smaller space 2^54, with only a few collisions. I'll update answer. – LateralFractal Oct 21 '13 at 11:17
  • @CodesInChaos I thought rainbow table stored the hash of the last reduction function for each line of the table. What does it store? The last reduction function result? – Frederico Schardong Mar 29 '14 at 17:31
  • @FredericoSchardong You could simply truncate the hash. Using the same reduction as everywhere else should work as well. I'm no expert on rainbow tables and I don't know what actual implementations use, but storing a full 512 bit hash strikes me as obviously silly. – CodesInChaos Mar 30 '14 at 08:04