Rainbow Tables: How Far Can CPU Go?

Abstract Rainbow tables are techniques commonly used in computer security to invert one-way functions, for instance to crack passwords, when the domain of definition is reasonably sized. This article explores the limit on the problem size that can be treated by rainbow tables when the precomputation and the attack phases are both CPU-driven. We conclude that the bottleneck is no longer the memory as it may have been and the precomputation phase seems to have been underestimated so far. We offer a comparison of what can be done on different environments depending on the needs and available computing power of the users.