CPTS-Password Attacks Flashcards

1
Q

Explain the CIA Triad

A

The CIA Triad consists of Confidentiality, Integrity, and Availability.

  • Confidentiality: Ensures that data is accessible only to authorized individuals.
  • Integrity: Ensures that data remains accurate and unaltered.
  • Availability: Ensures that data and systems are accessible when needed.
2
Q

Explain the Common Uses of Passwords

A

Passwords are the most common authentication method.

  • Strong passwords include length, complexity, and randomness.
  • Salting and hashing enhance password security.
  • Common password attacks include brute force, dictionary attacks, and credential stuffing.
2
Q

Explain Authentication Factors

A

Authentication factors verify a user’s identity. They include:

  • Something You Know (e.g., Passwords, PINs, Security Questions).
  • Something You Have (e.g., Smart Cards, Hardware Tokens, OTPs).
  • Something You Are (e.g., Biometrics like Fingerprints, Retina Scans).
3
Q

Explain /etc/shadow

A
  • Stores hashed user passwords.
  • Only readable by the root user.
  • Uses hashing algorithms like SHA-512 for security.

user:$1$.pj1GQnU$ZWEt3P2/CpbqeiWGa/Ymd1:18556:0:99999:7:::

Column 1: User login name
- Represents the username of the account (user in this case).

Column 2: Encrypted password
- Algorithm ID ($1$): Defines the hashing algorithm used ($1$ means MD5, $6$ would mean SHA-512, etc.).
- Salt (pj1GQnU): A random string added to the password before hashing to make each hash unique.
- Hash (ZWEt3P2/…): The actual hashed password output.
