Attacks on Cryptography, Hashing, Digital Signatures Flashcards
attack using the entire key space (every possible key) and every single combo
can be time consuming
brute force
prevents brute force attacks by adding 1-2 seconds to password verification
key stretching
Similar to frequency analysis but looks for common pairs of letters (TH, HE, ER)
Digraph Attack
Attacker secretly relays and may alter communication between two parties who believe they are communicating directly with each other
man in the middle
An attacker takes over a web user’s session ID and masquerades as the authorized user.
Session hijacking
aka TCP hijacking
Precompiled lists of plaintext and matching ciphertexts
rainbow tables
attacker knows plaintext and ciphertext and by using those can figure out the key
known plaintext attack
Similar to known plaintext but attacker also chooses the plaintext then tries to figure out the key
chosen plaintext attack
same as chosen plaintext but attacker ‘adapts’ the following rounds depending on the previous rounds
adaptive chosen plaintext attack
A known plaintext attack in which the intruder knows some parts of the plaintext and ciphertexts which have two or more secret keys for multiple encryptions using the same algorithm
meet-in-the-middle attack
attacker knows something about the key
known key attack
tries to find difference between related plaintext
differential cryptanalysis
attacker has a ton of plaintext and ciphertext pairs and studies the pairs to learn information about the key
linear cryptanalysis
differential and linear cryptanalysis combined but the attacker looks for non-randomness
differential linear cryptanalysis
Using physical data to find flaws in a system. This can be CPU cycles or power consumption etc…
side channel attack
Attack where a vulnerability is left from the implementation of an application
Implementation attack
When 2 different symmetric keys used on the same plaintext produce the same ciphertext, both can decrypt ciphertext from the other key
key clustering
Attacker steals hashed password and gains access to the system by using the stolen hash
pass the hash
Similar to pass the hash but used when NTLM is disabled to request a TGT from the Kerberos server with the user’s hash
Overpass the hash
Attacker attempts to collect tickets held in the lsass.exe process, then injects the ticket to impersonate the user
pass the ticket
Attacker uses NTLM hash to make a TGS ticket. This gives attacker privileges granted to that specific account
silver ticket
The attacker gains access to the hash of the Kerberos service account and creates any ticket in Active Directory. The account encrypts all Kerberos tickets with a hash of its own and it never changes.
golden ticket
Attackers can guess passwords and usernames by using a script, kerbrute.py on Linux or Rubeus, because Kerberos will report whether the username is valid or not
Kerberos Brute-Force
Enables attackers to decrypt tickets and client’s password using offline attacks because pre-authentication is not enabled
ASREPRoast
The attacker collects TGS tickets and decrypts them offline and uses them on accounts without pre-authentication enabled
Kerberoasting
The attacker tries to compromise the integrity of crypto devices by introducing external faults (ex: temperature controls)
Fault injection
When keys are kept by a 3rd party organization (often law enforcement)
Key Escrow
Digital signatures provide integrity and ______
non-repudiation
This person issues and revokes certificates
CA (certification authority)
Authenticates the certificate holder prior to certificate issuance
Done within organization
ORA (organizational registration authorities)
certificates are revoked if a private key is compromised
this list is maintained by the CA
CRL (certificate revocation list)
Client/server hybrid to check certificate expiration dates. A dynamic version of CRL
OCSP (online certification status protocol)
Chip promoted by the NSA to provide secured voice and data messages but had built in backdoor features. It used Skipjack
Clipper chip
Hash function using a key to provide authenticity and integrity
MAC (message authentication code)
Combines a shared key with hashing
A preshared key is exchanged
HMAC (hashed message authentication code)
Set of protocols that provide a cryptographic layer to IP traffic
Often used for VPNs
IPSEC
Part of IPSEC suite that provides authentication and integrity for each packet
protects against replay attacks
AH (authentication header)
Part of IPSEC suite that provides confidentiality for each packet
ESP (encapsulation security payload)
Part of IPSEC suite. Simplex connection used to negotiate ESP and AH parameters
Security Association (SA)
Part of IPSEC suite that manages SA creation process and key exchange mechanics
ISAKMP (internet security and key management protocol)
IPSEC mode that encrypts and authenticates the entire packet including the headers
Tunnel mode
IPSEC mode that encrypts and authenticates the payload
Transport mode
IPSEC mode that uses different types of encryption and hashes and selects the fastest and most secure pair
Uses a web of trust model to authenticate digital certificates (if you trust me, you trust everyone I trust)
Pretty Good Privacy (PGP)
Provides a standard way to format email
Not secure
MIME (multipurpose internet mail extensions)
Uses PKI to encrypt and authenticate MIME encoded email
S/MIME (Secure/MIME)