Brute Force Attacks Flashcards

1
Q

Brute force

A
  • The password is the key
    • Secret phrase, stored hash
• Brute force attacks - Online
  • Keep trying the login process
  • Very slow
  • Most accounts will lockout after a number of failed
attempts
  • Brute force the hash - Offline
    • Obtain the list of users and hashes
    • Calculate a password hash, compare it to a stored hash
    • Large computational resource requirement
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Dictionary attacks

A
  • People use common words as passwords
    • You can find them in the dictionary

• If you’re using brute force,
you should start with the easy ones
• password, ninja, football

  • Many common wordlists available on the ‘net
    • Some are customized by language or line of work

• This will catch the low-hanging fruit
• You’ll need some smarter attacks
for the smarter people

How well did you know this?
1
Not at all
2
3
4
5
Perfectly