Brute Force Attacks Flashcards
1
Q
Brute force
A
- The password is the key
- Secret phrase, stored hash
• Brute force attacks - Online
• Keep trying the login process
• Very slow
• Most accounts will lock out after a number of failed attempts
- Brute force the hash - Offline
- Obtain the list of users and hashes
- Calculate a password hash, compare it to a stored hash
- Large computational resource requirement
2
Q
Dictionary attacks
A
- People use common words as passwords
- You can find them in the dictionary
• If you’re using brute force, you should start with the easy ones
• password, ninja, football
- Many common wordlists available on the ‘net
- Some are customized by language or line of work
• This will catch the low-hanging fruit
• You’ll need some smarter attacks for the smarter people