Possible defences against brute force attacks
!! Every defence can also introduce problems and has the potential to make the system less user-friendly (e.g. locking out legitimate users).
Explain how a block cipher works
A block cipher is a deterministic algorithm (same key and same plaintext block always give the same ciphertext block) that:
• Takes a fixed-size plaintext block (e.g., 128 bits)
• Uses a secret key
• Produces a fixed-size ciphertext block (same size); with the same key, decryption inverts the mapping
What is required if the length of the message to encrypt is not a multiple of the cipher's block size?
If the last plaintext block is incomplete, the remaining bytes must be filled up with padding before encryption. The padding scheme must be unambiguous so the receiver can tell data from padding.
If padding was added, it must be stripped off (and checked) after decryption.
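PKCS#7 padding is one common way to do this for a 16-byte block cipher such as AES. The following is an added example written for these notes, not code from the original; the block size of 16 bytes is an assumption, and the pad/unpad functions are illustrative names. Note the case the notes hint at: when the message already fills its last block, a whole extra block of padding is still appended, otherwise the receiver could not tell whether the last byte is data or padding.

```python
"""PKCS#7 padding and unpadding for a block cipher (added example)."""

BLOCK_SIZE = 16  # assumption: a 128-bit block cipher such as AES


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append n bytes, each of value n, so that len(result) % block_size == 0.

    n is always between 1 and block_size: if the message already fills its
    last block, a full block of padding is appended anyway.
    """
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def is_valid_padding(data: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """Return True only if data ends in well-formed PKCS#7 padding."""
    if not data or len(data) % block_size != 0:
        return False
    n = data[-1]
    return 1 <= n <= block_size and data[-n:] == bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip padding after decryption; reject malformed padding instead of
    silently returning garbage."""
    if not is_valid_padding(data, block_size):
        raise ValueError("invalid padding")
    return data[: -data[-1]]


if __name__ == "__main__":
    for msg in (b"", b"ICE ICE BABY", b"YELLOW SUBMARINE"):
        padded = pkcs7_pad(msg)
        print(len(msg), "->", len(padded), padded[-4:], pkcs7_unpad(padded) == msg)
```

One practical caveat: if an application reveals to the sender whether decryption failed because of bad padding (a different error message or timing), that distinction can be abused as a padding oracle, so the check above should fail in a way that is indistinguishable from any other decryption error.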
What is achieved with SHA256?
SHA256 is a one-way function. If the password file is stolen, an attacker cannot efficiently reverse SHA256 to obtain the plaintext passwords. This also limits the damage from password reuse: the attacker does not directly learn a password that the user may also use elsewhere. Note that plain SHA256 is fast and, as described here, unsalted, so it only stops direct inversion and not the guessing attacks below.
How can SHA256 be attacked?
– Dictionary attack: obtain a dictionary of commonly used passwords, hash all entries and compare the hashes to the stolen password hashes.
– Random passwords can still be brute forced by exhaustive password guessing, which is feasible only if they are short.
– Rainbow tables are precomputed lists of hash/password pairs; the attacker looks up the stolen hash directly instead of hashing each candidate again.
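The three attacks above against unsalted SHA256, as an added example that is not part of the original notes. The "stolen" password file is constructed inline from known passwords so the example runs offline; user names, word list and the hypothetical helper names are all assumptions. The precomputed hash-to-password table stands in for the idea behind rainbow tables (a real rainbow table uses hash chains to trade table size for recomputation); the brute-force routine shows why only short random passwords fall to exhaustive guessing.

```python
"""Dictionary, lookup-table and brute-force attacks on unsalted SHA256 (added example)."""
import hashlib
import itertools
import string
from typing import Dict, Iterable, Optional


def sha256_hex(password: str) -> str:
    """Hash a password the way the notes describe: plain, unsalted SHA256."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed sample "stolen password file": user -> SHA256 hex digest.
# The digests are computed here from known inputs purely so the example runs offline.
STOLEN_HASHES: Dict[str, str] = {
    "alice": sha256_hex("password123"),
    "bob": sha256_hex("letmein"),
    "carol": sha256_hex("x7q"),                          # short random password
    "dave": sha256_hex("correct horse battery staple"),  # long passphrase
}

# Constructed sample dictionary of commonly used passwords.
WORDLIST = ["123456", "password", "password123", "letmein", "qwerty", "admin"]


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """Precompute hash -> password once so stolen hashes can be looked up directly.

    This is the precomputation idea behind rainbow tables; it works only because
    the hashes are unsalted, so the same password always yields the same hash.
    """
    return {sha256_hex(w): w for w in words}


def dictionary_attack(stolen: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """Return user -> recovered password for every stolen hash found in the table."""
    return {user: table[h] for user, h in stolen.items() if h in table}


def brute_force(target_hex: str,
                alphabet: str = string.ascii_lowercase + string.digits,
                max_len: int = 3) -> Optional[str]:
    """Exhaustively guess passwords over `alphabet` up to `max_len` characters.

    36^3 candidates is trivial; the same loop at length 12 is 36^12, which is
    why length and character set, not hashing alone, decide the cost.
    """
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hex:
                return candidate
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("dictionary hits:", dictionary_attack(STOLEN_HASHES, table))
    for user in ("carol", "dave"):
        print(user, "brute force:", brute_force(STOLEN_HASHES[user]))
```

Running it recovers alice's and bob's passwords from the word list, recovers carol's three-character password by exhaustive guessing, and fails on dave's long passphrase within the search bounds.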