Topic 3A Flashcards
(8 cards)
What are password crackers?
Stuff like password spraying, brute force, dictionary and rainbow tables.
What is password spraying?
A password spraying attack selects a few common passwords and enters them when trying to log in to several user accounts.
What are brute force attacks on passwords?
In automated brute force attacks, every possible combination of letters, numbers and characters is used to create encrypted passwords that are matched against the stolen hash file.
In online brute force attacks, the same account is attacked continuously (called pounding) by entering different passwords.
Offline brute force attacks use the stolen hash files and are able to try different keys without the risk of discovery or interference, which gives them the highest chance of success.
What is a rule attack?
Conducts a statistical analysis on stolen passwords that is used to create a mask to break the largest number of passwords.
What are the 3 steps in rule attacks?
- A small sample of the stolen passwords in a plaintext file is obtained.
- Statistical analysis is performed on the plaintext file to determine the length and character sets of the passwords.
- A series of masks is generated that will be most successful in cracking the highest percentage of passwords.
What is a dictionary attack?
In a dictionary attack, the attacker creates a digest of common dictionary words and compares it against a stolen digest file.
What are rainbow tables?
They create a large pre-generated data set of candidate digests. They can be used repeatedly, are faster than dictionary attacks and use less memory on the attacking machine.
What is multifactor authentication?
MFA is when a user is using more than one type of authentication credential.
This includes single-factor auth, which is when a user only uses one type of auth, and 2FA, which uses two types.
Specialized devices, smartphones and security keys are usually used for authentication.