Hash-based　challenge-and-response　protocols　are　widely　used　as　an　authentication　scheme　in　network　applications.　The　authenticator　sends　a　random　string　as　a　challenge　to　the　peer,　the　peer　generates　a　response　with　a　hash　function　on　a　pre-shared　password　combined　the　received　challenge.　In　this　paper,　we　propose　a　general　and　efficient　way　to　break　some　prevalent　hash-based　challenge-　and-response　protocols　in　use.　These　protocols　are　vulnerable　to　the　chosen　challenge　attack　launched　by　a　malicious　user,　who　impersonates　the　server.　We　first　generate　a　rainbow　table　containing　hash　values　of　all　possible　passwords,　which　is　produced　by　hashing　a　pre-chosen　challenge　concatenated　with　all　possible　password　candidates.　Second,　we　impersonate　the　authenticator　and　send　the　pre-chosen　challenge　to　the　peer.　Finally,　we　look　up　in　the　rainbow　table　for　the　received　response　from　the　peer　to　crack　the　password.　With　this　tactic,　we　can　do　the　cost　consuming　pre-computation　once,　and　then　we　can　always　use　it　to　recover　all　of　the　peer＇s　passwords　with　only　one　additional　on-line　query.　©　2012　IEEE.