Section 8.73 Increasing Hash Security Flashcards
Objectives 1.4 Explain the importance of using appropriate cryptographic solutions. Objectives 2.3 Explain various types of vulnerabilities. Objectives 2.4 Given a scenario, you must be able to analyse indicators of malicious activity.
Increasing Hash Security: Common Hashing Attacks
Pass the Hash Attack
A hacking technique that allows the attacker to authenticate to a remote server or service by using the underlying hash of a user’s password instead of requiring the associated plaintext password
Difficult to defend against due to various Windows vulnerabilities and applications
Increasing Hash Security: Common Hashing Attacks
Birthday Attack
Occurs when two different messages result in the same hash digest (collision). Collisions in hashes can be exploited by attackers to bypass authentication systems
Use longer hash output (e.g., SHA-256) to reduce collisions and mitigate the attack
Increasing Hash Security
Key Stretching
Technique that is used to mitigate a weaker key by creating longer, more secure keys (at least 128 bits).
○ Increases the time needed to crack the key
Used in systems like Wi-Fi Protected Access, Wi-Fi Protected Access version 2, and Pretty Good Privacy
Increasing Hash Security
Salting
Adds random data (salt) to passwords before hashing. Ensures distinct hash outputs for the same password due to different salts
● Thwarts dictionary attacks, brute-force attacks, and rainbow tables
Increasing Hash Security
Nonces (Number Used Once)
Adds unique, often random numbers to password-based authentication processes and prevents attackers from reusing stolen authentication data.
● Adds an extra layer of security against replay attacks
Increasing Hash Security
Limiting Failed Login Attempts
● Restricts the number of incorrect login attempts a user can make
● Increases security by deterring attackers attempting to guess passwords
● Typically, lock the account after three incorrect attempts
