Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security_cert > Cryptographic Attacks > Flashcards

Cryptographic Attacks Flashcards

1
Q

Birthday attack

Known plaintext/cipher text

Rainbow tables

A

Birthday attack - brute force attack aimed at exploiting collisions in hash functions. A collision is where a function produces the same hash value for 2 different plain-texts.
Large group of people share the same birthday is 50%
Collision avoidance reduces chances
Used successfully in exploiting collisions in MD5 function to create fake SSL certs.

Known plaintext - attacker knows or guesses some of the plaintext present in a ciphertext ( but not known location)
Known cipher text - Analyst has obtained the cipher text but has no additional information.

Rainbow tables - Refine the dictionary attack approach; precomputed lookup table of all possible passwords and matching hashes. Values computed in “chains”
Salt is a random value added to plaintext
Rainbow tables are impractical when trying to discover long passwords (over 14 characters).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Dictionary attack

Brute Force Attack

Collision

A

Dictionary attack is used where there is a good chance multiple people in a group have the same birthday.

Brute Force attack - attempts every possible combination in the key space in order to derive a plaintext (password) from a ciphertext.
Difference between online and offline brute force attack
(Something that can be attacked online but is secure offline means that the space to be searched is too large for brute force to be practical, but that the implementation offers a way to get the system under attack to answer questions, such as encrypting or decrypting an arbitrary message)

Collision- different messages produce same digest; different inputs produce same output.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Downgrade Attack

Replay Attack

Weak Implementation

A

Downgrade - Can be used to facilitate a Man-in-the-Middle attack by requesting server to use a lower specification protocol with weaker ciphers and key lengths.

Replay - intercepting a key or password hash then reusing it to gain access to a resource (Pass-the Hash attack).

Weak Implementation - weakness in technology where cipher resides. Could be due to balance of cost, security and interoperability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Security_cert (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions