Understanding more about hashing

Written on 11 February 2015, 11:21pm


Brute force vs dictionary attack vs rainbow tables

Brute force: least efficient, tries all the possible values.
Dictionary attack: tries a predefined list of values.
Rainbow tables: contain pre-computed hashed values. If a single salt is used for the whole database, the pre-computed hashed values have to be recomputed to include that salt. If a separate salt is used for each password, the pre-computed hashed values have to be recomputed for each password.
More here.
Note: rainbow tables can only be used if the hashed values are available.

Hashing properties

1. Collision resistance: it should not be realistically possible to find two messages giving the same hash.
2. Pre-image resistance: given the hash, it should not be realistically possible to obtain the message (we ask an adversary, given only H(m), to find m or some m′ such that H(m′) = H(m)).
3. Second pre-image resistance: given both the hash and the message, it should not be realistically possible to obtain another message with the same hash.
More here and here

Remember:
Hashing is not compression (you can’t go back to the original string)
Hashing is not encryption (for encryption you need a key)

What are you hashing

– non-sensitive data: use the MD5/SHA family of hashing functions
– sensitive data (like passwords): PBKDF2 (*), bcrypt or scrypt

Key derivation

This is about transforming a password into a key that can be used for encryption. Think about encrypting a file with a password.

The output of a password hashing function is acceptable as a symmetric key, after possible truncation to the required size.
link
LastPass utilizes the PBKDF2 function implemented with SHA-256 to turn your master password into your encryption key.
LastPass user manual

(*) PBKDF2 is in fact a key derivation function, not a hashing function.
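
The per-password salt from the rainbow tables section and the key derivation described above, put together as an added example (not code from the original post). The function names, the 16-byte salt and the iteration count are assumptions chosen for illustration; only `hashlib.pbkdf2_hmac`, `hmac.compare_digest` and `os.urandom` are real standard-library calls.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumption: a work factor to tune for your hardware


def unsalted_sha256(password: str) -> str:
    """Fast, unsalted hash: equal passwords give equal hashes (precomputable)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 with a random per-password salt; store both values."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


def derive_key(password: str, key_salt: bytes, length: int = 32,
               iterations: int = ITERATIONS) -> bytes:
    """Derive a symmetric key of `length` bytes from a password.

    Use a salt different from the one stored with the login hash: with the
    same salt, iterations and length the key would equal the stored hash.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), key_salt,
                               iterations, dklen=length)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("unsalted, user A:", unsalted_sha256(pw))
    print("unsalted, user B:", unsalted_sha256(pw))  # identical to user A
    for user in ("A", "B"):
        salt, digest = hash_password(pw)
        print(f"salted, user {user}:", salt.hex(), digest.hex())  # differ per user
    key = derive_key(pw, os.urandom(16))
    print("32-byte key:", key.hex())
```

Two users with the same password get the same unsalted SHA-256 value, so one pre-computed entry covers both, while the salted PBKDF2 values differ and each needs its own computation.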
