Domain 2 · 2.4 Indicators of Malicious Activity

2.4.5 Cryptographic & Password Attacks

13 min

Cryptographic and password attacks focus on the recovery of plaintext data or credentials by exploiting weaknesses in authentication protocols, human behavior, or encryption algorithms.

Common Password Attack Vectors - Brute Force: An exhaustive attack that tries every possible character combination until the correct one is found. While guaranteed to work eventually, it is computationally expensive and slow for long passwords. - Dictionary Attack: Uses a pre-defined list of common words, phrases, and leaked passwords (a "dictionary file"). Attackers rely on the fact that humans often choose predictable terms like "Password123" or "QWERTY." - Rainbow Table: A high-speed attack using pre-calculated tables of password hashes. This trades disk space for speed, allowing attackers to look up a hash and instantly find the corresponding plaintext. - Spraying: A "low and slow" attack where one common password (e.g., Summer2024!) is tried against many different user accounts to avoid triggering account lockout policies.

Cryptographic Analysis & Hash Attacks - Hash Identification: Attackers identify the algorithm used by the length/format of the hash. For example, a 32-character hexadecimal string typically indicates MD5. - Offline Cracking: Attackers steal a password database (often stored as hashes) and run cracking tools locally. This bypasses network latency and lockout mechanisms. - Collision Attack: Occurs when two different inputs produce the same hash output, allowing an attacker to bypass integrity checks. - Salting: The primary defense against pre-computed attacks (like Rainbow Tables). A unique, random string is added to the password before hashing, ensuring that the same password produces a different hash for every user.

Security Tools & Auditing - Cracking Software: Legitimate tools used for security auditing and password recovery. Common examples include Hashcat, John the Ripper (Linux), and Cain & Abel (Windows). - Policy Enforcement: Organizations must enforce Complexity, Length, and Expiration via technical controls to mitigate human-centric vulnerabilities. - MFA (Multifactor Authentication): The most effective defense against password-only attacks, as it requires additional proof of identity beyond the knowledge factor.

Quick recall - MD5: A legacy 128-bit hash often used in examples; highly vulnerable to collisions. - Salt: Defeats rainbow tables by making every hash unique. - Account Lockout: Effective against online brute force; ineffective against offline cracking. - Dictionary File: A text file containing millions of potential passwords used to speed up cracking. - White-hat Cracking: Security professionals should periodically crack their own organization's hashes (with approval) to test policy compliance.