L2 - Passwords and password cracking Flashcards
Name a few common password cracking strategies
- Exhaustive search (brute force)
- Intelligent search
- Dictionary attack
- Brute force attack
- Rainbow table attack
How does Exhaustive search (brute force) work?
A typical example would be trying all possible combinations of a certain length, for example an ATM PIN code or door code.
How does Intelligent search work?
Search through a context of names which may be related to the user whose password you are trying to crack. The context could be:
- their name
- name of friends
- relatives
- car brands
- etc.
A dictionary attack is an example of this type of approach.
How does Dictionary attack work?
E.g., the hacker has a list of stolen hashes and access to the hashed passwords for users. The list of stolen hashes is compared to the list of users' hashed passwords to see if any of them match.
How does Brute force work?
You try all possible combinations until you succeed. This could be guessing passwords or the digits of a code.
How does Rainbow Table Attack work?
A rainbow table is a huge precomputed table of hash values for a specific hash function, meaning a rainbow table can never contain two different hash functions.
The next step is to obtain a leaked table of password hashes, which can then be compared to the rainbow table for swift hacking.
Due to what is known as salting, rainbow table attacks have decreased.
What is a security policy?
A security policy is a general document which sets the role security has within an organization.
What is a password policy?
A password policy is a document for the benefit of the company's employees, so that they may understand the requirements for creating proper passwords.