9. Password Attacks & Downgrade Attacks


9 Terms

1

Common password protection rules

  1. Be complex and not too short

  2. Avoid dictionary words

  3. Always store passwords encrypted

  • Passwords are typically stored as a hash (a one-way function)

2

Online password attack

Occurs while the attacker is connected directly to the target system

  • Solution: security best practices (such as lockout and strong-password policies) can help avoid these

3

Offline attack

Occurs when the attacker has access to material (for example, captured password hashes) independent of the source system.

4

Dictionary attack

Trying every word in a dictionary to gain access to a system.

  • Most successful against simple passwords, because the attack tries each word from a supplied list.

5

Brute-force attack

Relies on cryptanalysis of the cipher or hashing algorithm

  • Cryptanalysis - the study of ciphers and algorithms to find weaknesses and decipher the ciphertext without the secret key.

  1. Quicker than dictionary attacks for short passwords

  2. Can take a lot of time and computing power with larger, more complex passwords, since it tries to exhaust all possible combinations of letters, numbers and symbols

  3. A hybrid attack uses the dictionary attack method and combines it with brute-force attacks

6

Password spraying

Tries to circumvent account lockouts by spreading single-password attempts across multiple accounts

  1. Failed logins across many accounts at the same time may be a good indication that it occurred

7

Rainbow table

A large set of precomputed hash values for every possible combination of characters, used to reverse a cryptographic hash function

  1. The attacker only needs to do a lookup against the captured password hashes

  2. Circumvents account lockout restrictions

  3. Can be done offline

  4. Solution: add a salt (extra random data) to the function that creates the hashes

8

Birthday attacks

Cryptographic attacks against a secure hash. They find collisions within hash functions, efficiently brute-forcing one-way hashing.

  • Named after the birthday paradox - just as the probability of finding any two matching birthdays within a group increases as the group grows, it becomes easier to find two inputs that have the same hash.

9

Downgrade attack

Makes cryptographic attacks simpler. If the server allows negotiation to downgrade to a less secure version, the connection is susceptible to further attacks.

  1. May occur when the security configuration isn't updated

  2. An attacker may intentionally choose to use a client implementation that supports less secure cryptographic versions