2.4.5 Cryptographic & Password Attacks
Cryptographic and password attacks focus on the recovery of plaintext data or credentials by exploiting weaknesses in authentication protocols, human behavior, or encryption algorithms.
Common Password Attack Vectors - Brute Force: An exhaustive attack that tries every possible character combination until the correct one is found. While guaranteed to work eventually, it is computationally expensive and slow for long passwords. - Dictionary Attack: Uses a pre-defined list of common words, phrases, and leaked passwords (a "dictionary file"). Attackers rely on the fact that humans often choose predictable terms like "Password123" or "QWERTY." - Rainbow Table: A high-speed attack using pre-calculated tables of password hashes. This trades disk space for speed, allowing attackers to look up a hash and instantly find the corresponding plaintext. - Spraying: A "low and slow" attack where one common password (e.g., Summer2024!) is tried against many different user accounts to avoid triggering account lockout policies.
Cryptographic Analysis & Hash Attacks - Hash Identification: Attackers identify the algorithm used by the length/format of the hash. For example, a 32-character hexadecimal string typically indicates MD5. - Offline Cracking: Attackers steal a password database (often stored as hashes) and run cracking tools locally. This bypasses network latency and lockout mechanisms. - Collision Attack: Occurs when two different inputs produce the same hash output, allowing an attacker to bypass integrity checks. - Salting: The primary defense against pre-computed attacks (like Rainbow Tables). A unique, random string is added to the password before hashing, ensuring that the same password produces a different hash for every user.
Security Tools & Auditing - Cracking Software: Legitimate tools used for security auditing and password recovery. Common examples include Hashcat, John the Ripper (Linux), and Cain & Abel (Windows). - Policy Enforcement: Organizations must enforce Complexity, Length, and Expiration via technical controls to mitigate human-centric vulnerabilities. - MFA (Multifactor Authentication): The most effective defense against password-only attacks, as it requires additional proof of identity beyond the knowledge factor.
Quick recall - MD5: A legacy 128-bit hash often used in examples; highly vulnerable to collisions. - Salt: Defeats rainbow tables by making every hash unique. - Account Lockout: Effective against online brute force; ineffective against offline cracking. - Dictionary File: A text file containing millions of potential passwords used to speed up cracking. - White-hat Cracking: Security professionals should periodically crack their own organization's hashes (with approval) to test policy compliance.