Cryptographic Attacks
Cryptographic attacks → attacks where an adversary attempts to access encrypted data by exploiting weaknesses in algorithms, implementations, or configurations without possessing the correct decryption keys.
Hash Collision
Hash collision → also known as a birthday attack; a technique in which two different inputs are crafted to produce the same hash value, undermining integrity and trust in the hashing algorithm.
Downgrade Attack
Downgrade attack → attack that forces systems to fall back to weaker security settings or older protocols, making encryption easier to break or bypass.
SSL Stripping
Secure Sockets Layer stripping (SSL stripping) → downgrade attack combined with an on-path attack, in which encrypted Hypertext Transfer Protocol Secure (HTTPS) connections are downgraded to unencrypted Hypertext Transfer Protocol (HTTP) without the user noticing.
In The Clear
In the clear → state where data is transmitted or stored without encryption, making it readable and vulnerable to interception or exposure.
Hashing a Password
Hashing a password → process of converting a password into a fixed-length hash value so the original password is not stored, improving security if the database is compromised.
Spraying Attack
Password spraying attack → authentication attack that attempts a small number of common passwords across many accounts to avoid account lockouts and detection.
Brute Force Attack
Brute force attack → attack that systematically tries every possible password or key combination until the correct one is found, relying on computational power rather than finesse.