Which of the following password attacks is MOST likely to crack the largest number of randomly generated
passwords?

A.
Hybrid

B.
Birthday attack

C.
Dictionary

D.
Rainbow tables

Explanation:
When a password is “tried” against a system it is “hashed” using encryption so that the actual password is
never sent in clear text across the communications line. This prevents eavesdroppers from intercepting the
password. The hash of a password usually looks like a bunch of garbage and is typically a different length than
the original password. Your password might be “shitzu” but the hash of your password would look something
like “7378347eedbfdd761619451949225ec1”.
To verify a user, a system takes the hash value created by the password hashing function on the client
computer and compares it to the hash value stored in a table on the server. If the hashes match, then the user
is authenticated and granted access.
Password cracking programs work in a similar way to the login process. The cracking program starts by taking
plaintext passwords, running them through a hash algorithm, such as MD5, and then compares the hash output
with the hashes in the stolen password file. If it finds a match, then the program has cracked the password.
Rainbow Tables are basically huge sets of precomputed tables filled with hash values that are pre-matched to
possible plaintext passwords. The Rainbow Tables essentially allow hackers to reverse the hashing function to
determine what the plaintext password might be.
The use of Rainbow Tables allows for passwords to be cracked in a very short amount of time compared with
brute-force methods, however, the trade-off is that it takes a lot of storage (sometimes Terabytes) to hold the
Rainbow Tables themselves.
With a rainbow table, all of the possible hashes are computed in advance. In other words, you create a series of
tables; each has all the possible two-letter, three-letter, four-letter, and so forth combinations and the hash of
that combination, using a known hashing algorithm like SHA-2. Now if you search the table for a given hash,
the letter combination in the table that produced the hash must be the password you are seeking.