Questions and Answers
Why is it dangerous for applications to store passwords as plain text?
What is the recommended way to store passwords securely?
How does hashing a password differ from storing it as plain text in a database?
Why does the text mention that hashes are a 'one way trip'?
What happens if an attacker gains access to a database storing plain text passwords?
What advantage do hashes offer compared to plain text when storing passwords?
What kind of attack involves programmatically stepping through every possible combination of a password offline?
What do attackers use in a dictionary attack to try to find passwords?
Which method involves taking advantage of external high-speed processors for password cracking?
What is the purpose of a rainbow table in password cracking?
What type of attack would an attacker be performing if they were trying to match hashes against a list of precomputed hash values?
What is a common strategy used by attackers during a dictionary attack?
Which type of attack generally leads to an account being locked out due to multiple incorrect password attempts?
'1234' is an example of what kind of password commonly used in weak security scenarios?
What method do attackers use to find common passwords like 'ninja' or 'dragon' after performing a dictionary attack?
What is the main characteristic of a cryptographic algorithm mentioned in the text?
What hashing algorithm is specifically highlighted in the text?
Why is it impossible to restore the original password from its hash?
What type of attack involves trying some common passwords on multiple accounts?
Why do attackers use spraying attacks instead of brute force attacks?
What is a strong indicator that somebody is attempting unauthorized access to an account?
In a brute force attack, what is the method used to determine a password?
How do attackers usually obtain usernames and password hashes from a system?
What is the purpose of hashing passwords in a system?
What differentiates a spraying attack from a brute force attack?
What is the purpose of including a salt when storing passwords?
Why do different rainbow tables need to be created for different applications or operating systems?
What happens if two users have the same password but are using salted hashing?
What was the significance of 'collection number one' in January 2019?
How does salting passwords impact the effectiveness of pre-built tables like rainbow tables?
What would be the drawback for an attacker when passwords are salted?
How does salting affect identical passwords of different users?
What information does 'haveibeenpwned.com' provide to users?
'Collection number one' included over 1.1 billion unique what?
Besides preventing rainbow table attacks, what other reason is mentioned for using salts?