
It's called a rainbow table, and it would be gigantic for 10 character strings with special characters considered.


Small size required (1-10 length, a-z, 0-9, Symbol 14 !@#$%^&*()-_+=) for a rainbow table needed for the hash would be around 438TB.


Am I doing the math wrong here? You have a 50 character space, and a 10 character password length. This gives you 50^10, roughly 9.77 * 10^16, permutations.

Even assuming you could store each possibility in a single byte, which you can't, that would still take about 86PB to store. Considering you would need to store both the key and the hash in order to have a useful table, it seems you would actually need to have a few exabytes dedicated to this.


Greenmountain's link below (and the Wikipedia page for Rainbow Table) cover it, but you do a space-for-speed tradeoff by basically re-hashing your hash repeatedly, and looking up if the result is in the table, which gives you a short-list of passwords from the pre-computed domain to try.

There is a diminishing-returns limit to how small your rainbow table can be before it starts getting both false positives and false negatives, and a bigger password domain makes it worse, but they require less than 1 bit per covered password.


For MD5, GPU bruteforce would be practical and not require any storage. You can do hundreds of millions of trials per second per GPU without having to manage all that storage.


Can you provide an explanation on how to compute that? Thanks.


Naively, I get 3 exabytes.

(50^10 + smaller terms) * 256 bits (SHA256 size)

Number of hashes * size of hash to store.

Obviously this isn't how it's actually done. The best page I found describing the process is: http://www.freerainbowtables.com/en/faq/

The forum is fascinating: http://www.freerainbowtables.com/phpBB3/uncracked-hashes-f23...
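
The figures quoted in the comments above (86PB, 3 exabytes, 438TB, "less than 1 bit per covered password") can be reconciled with a short calculation. This is an added example, not part of any poster's comment; reading 438TB as decimal terabytes, the 16-byte chain record and the assumption that chains never overlap are all assumptions made here.

```python
# Added example: sizing estimates for the figures quoted in this thread.
# Assumptions (not from the thread): decimal TB, 16-byte chain records,
# and an idealised table whose chains never merge or overlap.

def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of candidate passwords with length min_len..max_len."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def full_table_bytes(n_passwords: int, bytes_per_entry: int) -> int:
    """Storage for a plain lookup table holding one record per password."""
    return n_passwords * bytes_per_entry

def bits_per_password(table_bytes: int, n_passwords: int) -> float:
    """Storage cost per covered password for a table of the given size."""
    return table_bytes * 8 / n_passwords

def implied_chain_length(table_bytes: int, n_passwords: int,
                         bytes_per_chain: int = 16) -> float:
    """Chain length needed if only (start, end) is stored per chain.

    Idealised lower bound: real chains merge, so real tables need more.
    """
    chains = table_bytes / bytes_per_chain
    return n_passwords / chains

CHARSET = 26 + 10 + 14              # a-z, 0-9, 14 symbols = 50
N_EXACT_10 = CHARSET ** 10          # exactly 10 characters
N_1_TO_10 = keyspace(CHARSET, 1, 10)
RAINBOW_BYTES = 438 * 10**12        # the quoted 438TB, read as decimal TB

def report() -> dict:
    """Recompute each figure discussed in the thread."""
    return {
        # "a single byte" per 10-char possibility, in PiB
        "one_byte_each_PiB": full_table_bytes(N_EXACT_10, 1) / 2**50,
        # one SHA-256 digest (32 bytes) per password, in decimal EB
        "sha256_only_EB": full_table_bytes(N_1_TO_10, 32) / 10**18,
        # what 438TB works out to per covered password
        "rainbow_bits_per_password": bits_per_password(RAINBOW_BYTES, N_1_TO_10),
        # hash/reduce steps per chain that such a table would imply
        "implied_chain_length": implied_chain_length(RAINBOW_BYTES, N_1_TO_10),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.4g}")
```

The chain length is the price of the compression: each lookup has to re-run on the order of that many hash and reduce steps instead of reading one stored record.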


It's probably just the number of permutations times the length of each hash.


No doubt the amount of data you would have to store for such a massive table would be glacial :-)



