
Author I have a Question please help.
Williamd000

2003-03-25, 12:27 am

Hi, I need help with this question. I think I have the correct answer, but I want to make sure that it's correct. Thanks.

What kind of attack are hased passwords vulnerable to?
1-Man in the middle
2-dictionary or brute force
3-reverse engineering
4-DOS attack.

I believe it's 2.
RussS

2003-03-25, 1:58 am

hased ??? passwords - do you mean hashed?

Interesting options, but if hashed I would say Brute Force if it was a 1 option answer.


Reasoning -
1, Man in the Middle - yes could intercept the hashed password, but would need to be decrypted.

2, Dictionary Attack uses a list of names and is usually sufficient to break most simple passwords. Brute force tries all combinations within a specified parameter.

3, Reverse Engineering is more the domain of pulling a program apart rather than decrypting a password.

4, DOS Attack - is this DoS as in Denial of Service or DOS as in attacking DOS?
Hacker

2003-03-25, 3:13 am

Definitely 2. Reverse engineering, even if defined loosely to mean decoding the password, is very unlikely. This is the reason for a hashing program--one way is easy to implement, does not need a lot of resources. However, to reverse, that is, to try to get to the original password, takes too many resources. Even if it were possible, it would take more resources than brute force cracking.

Hope this helps.
Williamd000

2003-03-25, 10:57 am

Thanks
117wik

2003-03-26, 6:20 pm

Why isn't it 1 ??? If you do 'man in the middle attack' and manage to get the 'message digest' and if it's using some sort of hash algorithm that's well known to others, then you can try to hash it with all sorts of different values until you get the same 'message digest'.

If you do just dictionary attack or brute force how is that going to help if you don't even know what the 'message digest' is like etc??

Just my own opinion anyway, am I wrong or??
RussS

2003-03-26, 7:47 pm

Refer back to my post above for the reasoning and relate it to the question.

What kind of attack are hashed passwords vulnerable to?

One can consider the Man In the Middle as the Attack and the EXPLOIT as the Brute Force Attack, however I am not certain this would be the thrust of that particular question. I think when Tcat passes through he can agree or kick me in the butt .. lol
hershal

2003-03-28, 9:28 am

Number 2:

Man in the middle.
A "Man-in-the-middle" attack is where the attacker interposes himself between two hosts to gain access to their data transmissions. The attacker intercepts data transmitted from a source machine and responds to the data as if it were the destination machine. It then forwards the data to the intended destination and then intercepts and responds to the reply as if it were the original source computer.

The problem is that the password is still hashed. Hashing means that it is encrypted. So the password, even if caught in a man-in-the-middle, does not authenticate the attacker.

The question states "hashed Password". Only the password is encrypted. That means that it is a simple process to "guess" (with a dictionary program or Brute Force) the password.
nadeemrafi

2003-04-09, 6:53 am

As it is clear that the password is hashed, how can the attacker use it even after getting the hashed value, unless he brute-forces the password?
Hacker

2003-04-10, 7:14 pm

quote:
Originally posted by 117wik
Why isn't it 1 ???
Just my own opinion anyway, am I wrong or??



It cannot be (1) because even if you hijack and retransmit the password, you first have to decode the password in the first place, which is hashed. Using brute force takes less effort than to reverse engineer a one-way hash.
Tarzanboy

2003-04-12, 10:08 pm

#2

a. Using a dictionary and the same hash function can provide the results to a hash algorithm.
b. Hash algorithms are vulnerable to Birthday attacks, which are a form of Brute Force attack.

Incorrect answers:
#1 Reading a hash does not entail knowing the contents of the hash.
#3 The same key used to encrypt cannot decrypt.
#4 Prevents access to the system, not solving/cracking the hash.

Cheers,
TB
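
Added example, not part of the thread or any poster's code: a defender-side audit of a password store against a small wordlist, showing why answer 2 holds for unsalted hashes (one precomputed table matches every user) and what a per-user salt with an iterated hash changes. The usernames, passwords, wordlist and function names are constructed for illustration, and PBKDF2-HMAC-SHA256 is an assumed choice of salted scheme.

```python
import hashlib, hmac, os

# Constructed sample data: the wordlist and all accounts are invented.
WORDLIST = ["password", "letmein", "dragon", "qwerty"]

def unsalted(pw: str) -> str:
    """Plain SHA-256 of the password, as a weak store might keep it."""
    return hashlib.sha256(pw.encode()).hexdigest()

def salted(pw: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds)

def audit_unsalted(store: dict, wordlist: list) -> dict:
    """Hash each word once, then look every stored digest up in that table."""
    table = {unsalted(w): w for w in wordlist}
    return {user: table[h] for user, h in store.items() if h in table}

def audit_salted(store: dict, wordlist: list) -> dict:
    """With per-user salts, every (user, word) pair needs its own PBKDF2 run."""
    found = {}
    for user, (salt, digest) in store.items():
        for w in wordlist:
            if hmac.compare_digest(salted(w, salt), digest):
                found[user] = w
                break
    return found

def build_stores():
    """Build the same three accounts in both storage formats."""
    users = {"alice": "letmein", "bob": "letmein", "carol": "T7#qv!Lz0p-Rk2"}
    weak = {u: unsalted(p) for u, p in users.items()}
    strong = {}
    for u, p in users.items():
        salt = os.urandom(16)  # fresh random salt per account
        strong[u] = (salt, salted(p, salt))
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_stores()
    print("unsalted audit:", audit_unsalted(weak, WORDLIST))
    print("alice == bob (unsalted):", weak["alice"] == weak["bob"])
    print("salted audit:", audit_salted(strong, WORDLIST))
    print("alice == bob (salted):", strong["alice"][1] == strong["bob"][1])
```

Both audits flag the dictionary-word accounts and neither flags the long random one: salting and iteration remove the shared lookup table and raise the cost of each guess, but they do not rescue a password that is in the wordlist.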