68 Questions
What is the main reason an attacker loves applications that store passwords as plain text?
Easy access to usernames and passwords
Why is storing passwords as plain text considered a security risk?
Passwords can be easily read if the database is accessed by an attacker
What is the recommended method for storing passwords securely?
Using hashes
What is unique about the hash of a password?
It is very specific to a particular password and cannot be duplicated on a system
Why is hashing considered a secure method for storing passwords?
It provides a one-way trip representation of the password
What should you do if you encounter an application storing passwords as plain text?
Stop using the application or find an upgrade that doesn't store plain text passwords
What is the primary characteristic of a cryptographic algorithm mentioned in the text?
It cannot be reversed
What hashing algorithm was specifically discussed in the text?
SHA-256
How does a spraying attack differ from brute force attacks?
Spraying attacks try only a few common passwords
In the context of password attacks, what does 'querty' represent?
A common password
What is the purpose of using 'common passwords' in password attacks?
To avoid detection by alarms
What is one reason an attacker might choose a spraying attack over a brute force attack?
Less chance of being locked out of an account
Why are the hashes of common passwords provided in the text?
To demonstrate how hashing algorithms work
'Brute force attacks' aim to find passwords by trying:
Random letters and numbers
'Spraying attacks' try to avoid alarms by:
'Trying' only a few common passwords per account
What do attackers aim to obtain in a brute force attack?
Passwords of all accounts on a system
What is the purpose of adding a salt to passwords?
To ensure different hashes for identical passwords
How does the addition of salt affect the hash of identical passwords?
It makes the hash completely random
What is the main challenge associated with rainbow tables?
Different applications may use different hashing methods
Why was 'collection number one' significant in January 2019?
It had one billion unique passwords
What impact does salting passwords have on pre-built tables like rainbow tables?
It renders the tables ineffective
How do salts contribute to the security of stored passwords?
By obscuring identical passwords
Why is it essential for each user to have a unique salt added to their password?
To differentiate identical passwords
What is the purpose of having a password manager that generates different passwords for each account?
To complicate rainbow table lookups
What kind of data is a 'salt' when used in password hashing?
A piece of unrelated, random data added to the password before hashing.
What does 'haveibeenpwned.com' allow users to check for?
If their email addresses are part of any data breaches.
What type of attack involves programmatically stepping through every possible combination of a password offline?
Brute force attack
In a dictionary attack, attackers use common words from dictionaries to guess passwords. What is another feature of these attacks?
They perform letter substitutions
What is the purpose of rainbow tables in password cracking?
To store precomputed hashes for quick password lookup
Why do attackers often use distributed cracking formats?
To speed up the password cracking process
What would be the outcome if an account is locked out after a few failed login attempts?
The account is disabled for brute force attacks
What type of characters are typically included in a brute force attack on passwords?
Letters, numbers, and special characters
What technique is used in some password cracking programs to try variations like changing 'A' to '&' and 'O' to '0'?
'Substitution' for letters
Which type of attack involves using high-speed CPUs found in GPUs to quickly crack passwords?
Hash attack
What is the function of hashing passwords in the context of password cracking?
'Comparing' stored hashes for verification
What type of attack often locks accounts out after multiple failed login attempts?
Brute Force Attack
Why is storing passwords as plain text considered a security risk?
Plain text passwords can be easily read by attackers if they gain access to the database.
What is the main advantage of hashing passwords instead of storing them as plain text?
Hashes provide a unique representation of the password that is not reversible.
Why are hashes considered a more secure method for storing passwords than encryption?
Hashes are one-way functions, making it difficult to retrieve the original password from the hash.
What is the primary risk associated with applications that store passwords in plain text?
The possibility of attackers gaining access to all user credentials easily.
How does hashing of passwords contribute to data security?
Hashing produces a unique representation of each password that prevents reverse engineering.
What is the significance of using a hash to store passwords?
Hashing provides a secure way to store passwords without revealing the original plain text passwords.
What type of attack involves going through every possible combination of letters, numbers, and special characters offline?
Brute force attack
In password cracking, what method allows attackers to quickly search for previously computed hashes?
Rainbow tables
What type of attack uses commonly found words, including those from specific dictionaries?
Dictionary attack
Which method allows attackers to quickly identify common passwords like 'ninja' and 'dragon'?
Performing a dictionary attack
What technique involves changing characters like 'A' to '&' and 'O' to '0' during password cracking attempts?
Letter substitution
How do attackers speed up the process of offline password cracking by utilizing external hardware?
Employing GPU processing power
Why is it more efficient for attackers to use a subset of words from a dictionary during password cracking?
It reduces the number of hash comparisons needed
What impact does salting passwords have on pre-built tables like rainbow tables?
It prevents the pre-built tables from working effectively.
Why is having a unique salt added to each password considered important for security?
To prevent attackers from using rainbow tables effectively.
Why is it impossible to restore a hashed password back to its original format?
Hashing is a one-way process designed not to be reversible
What characteristic of hashing makes it a secure method for storing passwords?
Hashes are one-way functions.
What is the primary purpose of a spraying attack compared to a brute force attack?
To avoid triggering alarms from repeated failed login attempts
What purpose do rainbow tables serve in password cracking?
To quickly find matching hashes for common passwords.
What makes a brute force attack time-consuming when trying to crack passwords?
Having to try every possible combination of characters
In password cracking, what is the purpose of using 'common passwords' like '1, 2, 3, 4, 5, 6'?
To increase the chances of guessing correctly
What extra security measure do programmers use to store passwords besides hashing?
Adding a random salt to each password before hashing.
What differentiates salts from plain text passwords stored in a database?
Salts are added before hashing to increase security.
What role does the hashing algorithm play in password security?
It makes it impossible to determine the original password from its hash
What distinguishes a spraying attack from a brute force attack in terms of strategy?
Spraying attacks aim to evade detection by trying only a few common passwords
Why does using 'haveibeenpwned.com' help users determine if their accounts are at risk?
It checks if the user's emails and passwords were part of data breaches.
How does including a salt with passwords make rainbow tables less effective?
It adds randomness, making each password unique even if the password is common.
How does adding a salt to passwords enhance security?
It prevents attackers from using pre-built tables like rainbow tables
Why is 'collection number one' significant in the context of data breaches?
'collection number one' included over 1.1 billion unique emails and passwords, impacting millions of users.
'1, 2, 3, 4, 5, 6' and 'querty' were mentioned in the text as examples of what?
'Weak and easily guessable passwords'
What makes rainbow tables ineffective when attacking salted passwords?
The unique salt values prevent precomputed hash lookups.
What is a notable characteristic of a cryptographic algorithm?
Creates distinct hashes for unique inputs.
Learn about the importance of secure password storage and why storing passwords in plain text can lead to security vulnerabilities. Discover best practices for storing login credentials securely to protect user data from attackers.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
