The multi-platform password cracker Ophcrack is incredibly fast. It uses a set of tables called Rainbow Hash to crack passwords. It can crack the password "Fgpyyih804423" in 160 seconds. Given any system would consider this password to be strong enough to be cracked.
To know how Ophcrack works one needs to know how exactly passwords are stored in the system.
To begin with servers usually never store the password in plain text format (a easy guess ). So what do they store? They normally create a hash out of the password and store it in the database. The password is discarded. When the user logs in next time the hash is used to check if the login password in correct and verify the session. Note that this hash can only be used to verify the password but never to get back the password in plain text.
So whenever someone gets access to your hash database, he or she can never find the password from the hash table. So how does one get the password?
One way is to create a look up table of hashes and their corresponding passwords and then match with the hash table to be cracked. This is how Rainbow tables work and Ophcrack use this to crack the passwords.
Now consider Rainbow Tables to be made from a dictionary of words up to 10 characters with all the possible combinations of alpha numeric letters. Generate a hash table and thus creating a look up table which is called as Rainbow Table. Now you may store it and once generated and stored you have a huge list of hash tables for passwords up to 10 characters long. Creating such a look up table might take some time. However, once created (most available free for download from Ophcrack) you can crack those combination of passwords whose hash is available in this rainbow table within seconds.
However no modern scheme is vulnerable to them.
"Rainbow tables are easy to beat. For each password, generate a random number (a nonce). Hash the password with the nonce, and store both the hash and the nonce. The server has enough information to verify passwords (the nonce is stored in the clear). But even with a small random value, say, 16 bits, rainbow tables are infeasible: there are now 65,536 “variants” of each hash, and instead of 300 billion rainbow table entries, you need quadrillions. The nonce in this scheme is called a “salt” - Thomas Ptacek ".Some Interesting Links to Read On
Enough with the Rainbow Hash Tables.
How Rainbow Tables Work
Rainbow Hash Cracking
Project Rainbow Crack
Faster Cryptanalytic Time-Memory Trade-Off - Philippe Oechslin
Rainbow Tables Wikipedia Entry