L16 - T16A - S6 - Password Attacks

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/9

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

10 Terms

1
New cards

Password Attack

Any attack where the attacker tries to gain unauthorized access to and use of passwords – (A+) 

2
New cards

Plaintext Password weakness

  • A [partial answer/clue] can be captured by obtaining a password file or by sniffing unencrypted traffic on the network.  

    • If the protocol does not use encryption, then the threat actor can simply read the password string from the captured frames 

 

3
New cards

Password

  • Typically stored and transmitted securely by making a cryptographic hash of the string entered by the user

4
New cards

Cryptographic Hash

Produces a fixed-length string from a variable-length string using a one-way function

  • In theory, no one except the user (not even the system administrator) knows the password, because the plaintext should not be recoverable from the [answer]

5
New cards

True

  • This is not the same as cryptographic hashing.

  • The password value can easily be derived from the Base64 string

True or False: A password might be sent in an encoded form, such as Base64, which is simply an ASCII representation of binary data

6
New cards

Common password hash files and databases

  • %SystemRoot%\System32\config\SAM

  • %SystemRoot%\NTDS\NTDS.DIT (the Active Directory credential store)

  • /etc/shadow

7
New cards

False

  • This is definitely a possibility

True or False: A threat actor cannot use an on-path attack to capture a password hash transmitted during user authentication

8
New cards

Password-cracking software

Software which can be used to try to identify the password from the cryptographic hash

  • Uses 2 basic techniques

    • Dictionary

      • The software matches the hash to those produced by ordinary words found in a dictionary

    • Brute Force

      • Software tries to match the hash against one of every possible combination it could be

9
New cards

Dictionary Technique (password cracking software)

Type of password attack that compares encrypted passwords against a predetermined list of possible password values – (A+) 

  • The software matches the hash to those produced by ordinary words found in a [answer]

10
New cards

Brute Force Technique (password cracking software)

Type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords – (A+)

  • A password might be cracked in minutes if

    • The password is short (under eight characters)

    • Noncomplex (using only lower-case letters, for instance),

<p>Type of password attack where an attacker uses an application to exhaustively try <u>every possible alphanumeric combination</u> to crack encrypted passwords – (A+) </p><ul><li><p>A password might be <u>cracked in minutes</u> if</p><ul><li><p>The <u>password is short (under eight characters)</u></p></li><li><p><u>Noncomplex</u> (using only lower-case letters, for instance), </p></li></ul></li></ul><p></p>

Explore top notes

Explore top flashcards

EVE 100 Midterm 1 Flashcards
Updated 15d ago
flashcards Flashcards (55)
zoologia cnidari
Updated 223d ago
flashcards Flashcards (32)
Globalisation Key Terms
Updated 396d ago
flashcards Flashcards (46)
T&M Final
Updated 414d ago
flashcards Flashcards (56)
Les phénomènes naturels
Updated 480d ago
flashcards Flashcards (34)
romeo + juliet act I/II vocab
Updated 455d ago
flashcards Flashcards (21)
Unit 2
Updated 754d ago
flashcards Flashcards (43)
-ARE Verbi
Updated 109d ago
flashcards Flashcards (60)