Jeff Atwood on cracking passwords using rainbow tables -- very interesting read. The basic idea is that although nobody in their right minds stores passwords except in hashed form, even this is easy to crack if you have enough time and memory to compute all hashes in advance -- which is why you need ideally user specific salting to help.
This is a single archived entry from Stefan Tilkov’s blog. For more up-to-date content, check out my author page at INNOQ, which has more information about me and also contains a list of published talks, podcasts, and articles. Or you can check out the full archive.