Page 1048 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
the room and you want to find someone else with the same birthday as
you. In this example, you’ll need 253 people in the room to reach the
same 50 percent probability of finding someone else with the same
birthday.
Similarly, some tools can find a different password that produces the
same hash as a given one. For example, if you know that the hash of the
administrator account password is 1A5C7G, such a tool may be able to
identify a password that also hashes to 1A5C7G. It isn’t necessarily the
original password, but if it produces the same hash, it is just as
effective as the original password.
You can reduce the success of birthday attacks by using hashing
algorithms with enough bits to make collisions computationally
infeasible, and by using salts (discussed in the “Rainbow Table
Attacks” section next). There was a time when security experts
considered MD5 (which produces a 128-bit hash) to be collision free.
However, computing power continues to improve, and MD5 is no longer
collision free. SHA-3 (short for Secure Hash Algorithm version 3) can
produce hashes as long as 512 bits and is considered safe against
birthday attacks and collisions, at least for now. Computing power
continues to improve, so at some point, SHA-3 will be replaced with
another hashing algorithm that uses longer hashes and/or stronger
cryptographic methods to create the hash.
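The birthday bound behind both the party example and the hash-collision example can be worked through in code. The following Python example is added here and is not from the study guide. It uses SHA-256 truncated to a chosen number of bits as a stand-in for a short hash function (an assumption made only so the effect can be observed in seconds) and shows that a collision turns up after roughly 2^(n/2) inputs, which is why digest length sets the ceiling on collision resistance: a 128-bit hash offers at most about 2^64 work, a 256-bit hash about 2^128. (MD5's real-world collisions are found far faster than its birthday bound because of structural flaws, which is a separate weakness on top of its short digest.)

```python
import hashlib
import math

def truncated_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(data) as an integer. Truncating a
    strong hash gives a small hash whose outputs still look random, so
    the birthday effect can be observed quickly. (Assumption for the
    demonstration only; real digests are 128 to 512 bits.)"""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def birthday_bound(space_size: int, probability: float = 0.5) -> float:
    """Approximate number of random samples from `space_size` possible
    values needed before two collide with the given probability:
    sqrt(2 * N * ln(1 / (1 - p))). With N = 365 and p = 0.5 this gives
    about 23, the classic birthday figure."""
    return math.sqrt(2 * space_size * math.log(1 / (1 - probability)))

def collision_bound_bits(bits: int) -> float:
    """Expected number of hashes before a collision in an n-bit hash:
    about 2^(n/2)."""
    return birthday_bound(2 ** bits)

def find_collision(bits: int, max_attempts: int = 1 << 20):
    """Hash the inputs 0, 1, 2, ... until two distinct inputs share the
    same truncated hash. Returns (hashes_computed, input_a, input_b), or
    None if the attempt budget runs out."""
    seen = {}
    for i in range(max_attempts):
        msg = i.to_bytes(8, "big")
        h = truncated_hash(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
    return None

if __name__ == "__main__":
    print("birthdays, 365 days, p=0.5:", round(birthday_bound(365), 1))
    for n in (16, 24, 32, 64, 128, 256):
        print(f"{n:3d}-bit hash: ~{collision_bound_bits(n):.3g} hashes to a collision")
    for n in (16, 24):
        attempts, a, b = find_collision(n)
        print(f"{n}-bit collision after {attempts} hashes: "
              f"{a.hex()} and {b.hex()} -> {truncated_hash(a, n):x}")
```

Running it shows a 24-bit collision after a few thousand hashes (near the 2^12 bound) rather than the 16 million a full search would need; scaling the same curve to 128 bits gives about 1.2 × 10^19 hashes, which is the figure that matters when judging whether a digest length is long enough.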
Rainbow Table Attacks
It takes a long time to find a password by guessing it, hashing it, and
then comparing it with a valid password hash. However, a rainbow
table reduces this time by using large databases of precomputed
hashes. Attackers guess a password (with either a dictionary or a
brute-force method), hash it, and then put both the guessed password
and the hash of the guessed password into the rainbow table.
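To make the defence concrete, here is an added Python example, not from the study guide, that builds the kind of precomputed hash-to-password table the text describes, runs it against an unsalted hash and then against a salted hash of the same password, and shows why a per-user random salt defeats the table. The wordlist and the passwords are constructed for the demonstration. A true rainbow table compresses the precomputed guesses into hash chains with reduction functions instead of storing every pair, but the lookup-versus-salt point is the same.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for the guesses an attacker
# precomputes; a real table would hold millions of entries.
WORDLIST = ["password", "letmein", "qwerty", "Summer2023", "admin123"]

def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: the same password always yields
    the same hash, so one precomputed table serves every victim."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def build_lookup_table(wordlist):
    """Precompute hash -> password for every guess. This is the
    simplified 'guess, hash, store both' table the text describes; the
    cost is paid once, before any stolen hash file is available."""
    return {unsalted_hash(word): word for word in wordlist}

def lookup(table, stolen_hash: str):
    """Recover a password from a stolen hash with one dictionary lookup:
    no guessing or hashing happens at crack time."""
    return table.get(stolen_hash)

def new_salt() -> bytes:
    """16 random bytes per user, stored alongside the hash."""
    return os.urandom(16)

def salted_hash(password: str, salt: bytes) -> str:
    """Hash of salt || password. Because every user gets a random salt,
    a table built from bare passwords never matches, and the attacker
    would have to rebuild it for each salt. Production systems should
    also use a slow KDF (PBKDF2, scrypt or Argon2) so each rebuild is
    expensive; plain SHA-256 is used here only to keep the focus on the
    salt."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()

def verify_password(salt: bytes, stored_hash: str, attempt: str) -> bool:
    """Server-side check: recompute with the stored salt and compare in
    constant time."""
    return hmac.compare_digest(salted_hash(attempt, salt), stored_hash)

def table_attack_outcome(password: str):
    """Run the precomputed table against an unsalted and a salted hash of
    the same password; returns what the attacker recovers in each case."""
    table = build_lookup_table(WORDLIST)
    unsalted_result = lookup(table, unsalted_hash(password))
    salted_result = lookup(table, salted_hash(password, new_salt()))
    return unsalted_result, salted_result

if __name__ == "__main__":
    for pw in ["letmein", "correct horse battery staple"]:
        print(pw, "->", table_attack_outcome(pw))
    salt_a, salt_b = new_salt(), new_salt()
    print("same password, two salts, different hashes:",
          salted_hash("letmein", salt_a) != salted_hash("letmein", salt_b))
```

The unsalted "letmein" hash is recovered by a single lookup, while the salted hash of the same password misses the table entirely; two users who choose the same password also end up with different stored hashes, so cracking one does not expose the other.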
A password cracker can then compare every hash in the rainbow table
against the hash in a stolen password database file. A traditional
password-cracking tool must guess the password and hash it before it
can compare the hashes, which takes time. However, when using the
rainbow table, the password cracker doesn’t spend any time guessing

