The initial passwords of DRACOON are generated via a secure pseudo-random number generator. Before they are saved, these and all user-selected passwords are hashed using the bcrypt feature (https://en.wikipedia.org/wiki/Bcrypt). This secure hash function is regularly adjusted in its complexity so that a brute-force attack on the hash values is impossible at any time.
Furthermore, a salt value is added before the hash, which is randomly generated for each user. In this way, an attack with rainbow tables is virtually impossible to perform.