Hashing Attacks Flashcards
What are the two hashing attacks?
Pass the Hash
Birthday Attack
What is a pass the hash attack?
When an attacker gains the hash of a users password. They take the hash and input it as the password and successfully login.
What is a birthday attack?
When two different inputs create the same hash. Essentially the wrong password becomes the right password.
How do you increase the strength of a hash?
Key stretching, Salting, and Nonces
What is key stretching?
Essentially, you talk a weak hash, and run it through a stronger hash to create a 128-bit hash.
What is salting?
Adding random inputs (filler) to extend the password before you put it through a hash.
What is a nonce?
A psuedo-random number is added to the password before you hash it.