Rainbow Table Size Calculator
A precomputed lookup table can reverse an unsalted password hash instantly, but only if you can store an entry for every possible password. This calculator estimates the keyspace for a given charset size and password length, then multiplies by the bytes stored per entry to give the naive full-table storage. That figure is the upper bound that real chained rainbow tables compress. It also shows the entropy in bits, so you can see why length dominates and why a unique salt per hash makes precomputation useless.
Keyspace and storage formula
Keyspace = charset size ^ password length
Keyspace (log10) = length * log10(charset size)
Entropy bits = length * log2(charset size)
Storage bytes (log10) = keyspace log10 + log10(bytes per entry)
Naive storage (TB) = 10^(storage log10 bytes - 12)
One terabyte is 10 to the 12 bytes. Logarithms keep the numbers manageable because the keyspace overflows ordinary arithmetic past a few characters.
Rainbow table context
- A 95-character printable set covers letters, digits, and common symbols.
- Each extra password character multiplies the keyspace by the charset size, so length dominates.
- A unique random salt per hash makes any precomputed table useless, per NIST guidance.
- True rainbow tables use hash chains to shrink storage at the cost of more compute per lookup.
- Slow, salted, memory-hard hashing is the defence; this calculator shows the scale precomputation must overcome.
Rainbow table size: frequently asked questions
What is a rainbow table?
A rainbow table is a precomputed structure that trades storage for speed when reversing unsalted password hashes. The naive version stores a hash for every possible password; true rainbow tables compress this using hash chains. This calculator estimates the keyspace and the storage a naive precomputed table would need, which sets the scale of the problem.
How is the keyspace calculated?
The keyspace is the charset size raised to the password length. A 6-character password from a 95-character printable set has 95 to the power 6, about 735 billion combinations. Each extra character multiplies the count by the charset size, which is why length matters far more than complexity.
How much storage would a naive table need?
Multiply the keyspace by the bytes stored per entry. Storing a 32-byte hash for every 6-character printable password is 95 to the power 6 times 32 bytes, roughly 23.5 terabytes. The figure grows astronomically with length, which is why real attacks use chained tables or simply target weak, short passwords.
Why does salting defeat rainbow tables?
A salt is a unique random value mixed into each password before hashing. It means a precomputed table built for one salt is useless for any other, so an attacker would need a separate table per account. Per NIST guidance, every password hash must use a unique salt, which makes precomputation pointless.
Does this model true rainbow-table compression?
No. It computes the keyspace and the naive full-table storage, which is the upper bound. Real rainbow tables use chains to shrink storage at the cost of more compute per lookup. The naive figure is the clearest way to see how charset and length drive the scale of the attack.
Official sources
Reviewed by the CalculatorHub team, edited by James Graham, 17 June 2026. See our methodology.