You would think so, but, it seems that rainbow tables are surprisingly effective, so that tells you that a lot of corporations -I suspect IoT are the worst offenders- are on low-sodium diets.
Do you have a source for rainbow tables are surprisingly effective?
I was actually under the impression that they're generally overhyped and not useful in most situations.
Even if most IoT companies don't use per-user salts, Ring is one of the most respected ones, since it's run by Amazon. So it likely has salts.
Actually, thinking about this more, I don't think rainbow tables are useful here even without per-user salts. The purpose of rainbow tables is to be a storage optimization, so that you can use less storage than a hash table, while still having a lot of the benefits of a hash table. But this specific use case discussed here is "passwords compromised in non-Ring breaches", for which there is enough storage for a hash table. So a rainbow table provides no benefit over a hash table.
For more information on what rainbow tables are read this (note that the first page doesn't even explain rainbow tables, you have to click part 2 at the bottom to get to the actual explanation of rainbow tables):
I was actually under the impression that they're generally overhyped and not useful in most situations.
Even if most IoT companies don't use per-user salts, Ring is one of the most respected ones, since it's run by Amazon. So it likely has salts.
Actually, thinking about this more, I don't think rainbow tables are useful here even without per-user salts. The purpose of rainbow tables is to be a storage optimization, so that you can use less storage than a hash table, while still having a lot of the benefits of a hash table. But this specific use case discussed here is "passwords compromised in non-Ring breaches", for which there is enough storage for a hash table. So a rainbow table provides no benefit over a hash table.
For more information on what rainbow tables are read this (note that the first page doesn't even explain rainbow tables, you have to click part 2 at the bottom to get to the actual explanation of rainbow tables):
https://rsheasby.medium.com/rainbow-tables-probably-arent-wh...