Passwords Flashcards
(6 cards)
What are the 3 steps of offline dictionary attacks?
1) Attacker gets a password file 2) Attacker gets an encrypted/hashed password 3) Attacker tries passwords from a dictionary of common passwords and compares each with the encrypted/hashed one
What are 3 countermeasures to offline attacks?
Store hash of password, add password to salt, keep passwords away from userIDs
What are 3 properties of Hash Functions?
1) Non-reversible (can be used to hash, cannot be used to unhash) 2) Fixed size produced 3) Hash produced is unique
What are the 4 steps of hash salting?
1) Get password 2) Add salt 3) Compute hash 4) Store hash and salt
What are Rainbow Tables?
Precalculated tables for reversing hash functions
What are 2 positives of Rainbow Tables?
Rainbow tables do not take much space; brute force takes much more time