Page 161 - CISSO_Prep_ Guide
Brute Force
The brute force attack is based on trying all possible values to
get an input password value that will give the same hash as a
stored password hash. In some cases, the input will not be the
same as the real password, but instead, it will be a value that
generates the same password hash. This is called a collision. A
brute force attack takes a lot more time than a dictionary attack,
but given enough time (maybe years) and resources, a brute
force attack would always be successful.
Rainbow Tables
There are several versions of rainbow tables that are available
on the internet. These are tables of pre-calculated password
hashes and the input value necessary to generate that hash. If an
attacker can obtain a copy of the password file, then they can
quickly look up the hash value in the password file and instantly
cross-reference the password hash to a value that will generate
that hash. With this technique, an unsalted password can be broken
in very little time.
Salts
A salt value is a value added to a password before hashing. This
will obscure the true password so that it is not easily broken
using a dictionary attack or rainbow table. The stored hash value
is a combination of both the salt and the password, so the values
in the rainbow table will not generate the same password hash as
the user's password.
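The effect of a salt on a precomputed lookup, as an added example that is not part of the original guide. The password list, the function names and the use of SHA-256 are assumptions made for illustration, and a flat dictionary stands in for the rainbow table.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a published precomputed table.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_lookup_table(candidates):
    """Precompute hash -> input once, so later lookups are instant."""
    return {sha256_hex(p.encode()): p for p in candidates}

def store_unsalted(password: str) -> str:
    """Weak storage: the hash depends on the password alone."""
    return sha256_hex(password.encode())

def store_salted(password: str, salt: bytes = None):
    """Salted storage: a random per-user salt is hashed with the password
    and kept next to the hash so the login check can repeat the computation.
    Production systems also replace the fast hash with a slow KDF
    (for example hashlib.scrypt or hashlib.pbkdf2_hmac)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, sha256_hex(salt + password.encode())

def verify_salted(password: str, salt: bytes, stored_hash: str) -> bool:
    candidate = sha256_hex(salt + password.encode())
    return hmac.compare_digest(candidate, stored_hash)  # constant-time compare

def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    unsalted = store_unsalted("letmein")
    salt_a, hash_a = store_salted("letmein")   # user A
    salt_b, hash_b = store_salted("letmein")   # user B, same password
    return {
        "unsalted_found": table.get(unsalted),       # table hit
        "salted_found": table.get(hash_a),           # table miss
        "same_password_same_hash": hash_a == hash_b,
        "login_ok": verify_salted("letmein", salt_a, hash_a),
        "wrong_password_ok": verify_salted("qwerty", salt_a, hash_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because each user gets a different salt, two users with the same password end up with different stored hashes, so one precomputed table cannot cover both.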