Hello all after quite a long time. Sorry that it’s been over a month since my last post, but I was cracking down on school work with my senior design project and finals the past few weeks. I thought that I would crank this post out since I have found some free time.
Today’s post will be password attacks, and yes, this goes over Security+ curriculum.
I would highly recommend reading my post on hashing prior so that you understand how passwords are stored.
Password attacks are a method in which someone can login as you by using your password which they retrieve using one or multiple of the methods listed. Email addresses and usernames are usually very easy to find, but passwords are special as they are held and stored differently.
Preventing password attacks relies on your ability to make a good password and on the service you are using handling that password properly, which you cannot control. A common, modern practice is combining multiple words or phrases together and replacing letters with special characters, e.g. “13atB@n@n@Br3ad”. Using a password generator with a password manager program is optimal, but that’s for another post for another time. Multi-Factor Authentication (MFA) renders these attacks almost useless, but let’s not get too far ahead of ourselves.
Brute Force
Brute force attacks are the simple act of guessing passwords until you get it right. Their effectiveness can be amplified through the use of social engineering. For example, if you know that the person whose password you’re trying to crack really likes golf, then you would try golf-related passwords in your brute force attack.
Spraying
Password spraying is the act of attempting to compromise a large number of accounts by guessing commonly used passwords. These passwords are usually something along the lines of “Password!” or “baseball1”. This is a form of brute-force attack.
A good method of circumventing this attack is, obviously, to have a good password. Another is to set a rule that locks out accounts after a certain number of failed login attempts. However, because spraying tries only a few passwords against each of a large number of accounts, per-account lockouts may not be as effective.
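To show why a per-account lockout misses a spray while a per-source view catches it, here is an added example (my own code, not from the original post) that runs two rules over a few constructed authentication log lines. The log format, the IP addresses and the user names are all made up for the example; the `spray_sources` heuristic (one source failing against many distinct accounts inside a short window) is an assumption about what a sensible detection looks like, not a description of any particular product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): timestamp, result, user, source IP.
# One source walks five accounts with one guess each, then lands a success on a sixth;
# a second source is an ordinary user fat-fingering their own password.
SAMPLE_LOG = """\
2024-05-01T09:00:01 FAIL user=alice src=203.0.113.7
2024-05-01T09:00:03 FAIL user=bob src=203.0.113.7
2024-05-01T09:00:05 FAIL user=carol src=203.0.113.7
2024-05-01T09:00:07 FAIL user=dave src=203.0.113.7
2024-05-01T09:00:09 FAIL user=erin src=203.0.113.7
2024-05-01T09:00:11 OK user=frank src=203.0.113.7
2024-05-01T09:05:00 FAIL user=alice src=198.51.100.4
2024-05-01T09:05:02 FAIL user=alice src=198.51.100.4
2024-05-01T09:05:04 OK user=alice src=198.51.100.4
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")


def parse(log_text):
    """Turn the constructed log into (timestamp, result, user, src) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that does not match the assumed format
        ts, result, user, src = m.groups()
        events.append((datetime.fromisoformat(ts), result, user, src))
    return events


def per_account_lockouts(events, threshold=5):
    """Classic lockout rule: an account trips after `threshold` failures."""
    fails = defaultdict(int)
    for _, result, user, _ in events:
        if result == "FAIL":
            fails[user] += 1
    return sorted(u for u, n in fails.items() if n >= threshold)


def spray_sources(events, window=timedelta(minutes=10), min_accounts=4):
    """Spray heuristic: a source failing against many *distinct* accounts in a window.
    Returns {src: number_of_distinct_accounts} for every source that trips."""
    by_src = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            by_src[src].append((ts, user))
    flagged = {}
    for src, fails in by_src.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - start <= window}
            if len(users) >= min_accounts:
                flagged[src] = len(users)
                break
    return flagged


def successes_from(events, sources):
    """Triage step: which accounts logged in successfully from a flagged source?"""
    return sorted({user for _, result, user, src in events
                   if result == "OK" and src in sources})


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("per-account lockouts:", per_account_lockouts(evs))   # none tripped
    hits = spray_sources(evs)
    print("spraying sources:", hits)
    print("accounts to review:", successes_from(evs, hits))
```

Run as-is, the lockout rule flags nobody (the worst any single account sees is three failures), while the per-source rule flags 203.0.113.7 and points you at the one account it actually got into.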
Dictionary Attack
Dictionary attacks are used to crack password hashes. You should know what hashes are by now. These dictionaries are large lists of possible passwords, hence the name. The lists usually contain previously cracked passwords from prior hacks and database leaks.
Here is how it works: you have your list of password hashes on one hand and your dictionary on the other. You run through each word in the dictionary (some programs automatically substitute characters, like S with $), hash it, and compare the result against your list of hashes.
Dictionary attacks usually only succeed when people choose short, easy-to-remember passwords.
Rainbow Tables
Similar to a dictionary attack, a rainbow table is a large list of possible passwords to compare against a list of hashes. However, this list also contains the precomputed hash of each possible password. This saves time: instead of hashing each possible password, you simply compare each precomputed hash against your list of hashes.
An issue with rainbow tables is that they can get huge. Dictionary attacks have this issue too. It might be a bit obnoxious to need a 15GB download if you’re cracking passwords on the fly.
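The following is an added example (my own code, not from the original post) that puts the last two sections side by side: a dictionary run that hashes each candidate on the fly, the same run done as a precomputed hash-to-password lookup, and then the defender's answer to both, a per-user salt with a slow hash. The word list and the target hashes are constructed for the example, and the table here is a plain lookup table; a real rainbow table stores hash chains to trade lookup time for disk space, which is the point the page makes about size.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for a leaked-password dictionary (not real data).
WORDLIST = ["password", "baseball1", "Password!", "golf2019", "letmein", "correcthorse"]

# The kind of character substitution some cracking tools apply automatically.
SUBS = {"a": "@", "s": "$", "o": "0", "e": "3", "i": "1"}


def mangle(word):
    """Yield the word itself plus a fully substituted variant (baseball1 -> b@$3b@ll1)."""
    yield word
    swapped = "".join(SUBS.get(c, c) for c in word)
    if swapped != word:
        yield swapped


def sha256_hex(text):
    """Fast, unsalted hash: the storage scheme these attacks are aimed at."""
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hashes, words):
    """Hash every candidate as you go and compare against the target list."""
    targets = set(target_hashes)
    found = {}
    for word in words:
        for candidate in mangle(word):
            h = sha256_hex(candidate)
            if h in targets:
                found[h] = candidate
    return found


def build_lookup_table(words):
    """Precompute hash -> password once; afterwards cracking is a lookup, not a hash."""
    return {sha256_hex(c): c for w in words for c in mangle(w)}


def table_lookup(target_hashes, table):
    """Table version of the attack: no hashing at all."""
    return {h: table[h] for h in target_hashes if h in table}


# --- Defender side: random per-user salt plus a deliberately slow hash (PBKDF2). ---
ITERATIONS = 100_000


def store_password(password):
    """Return (salt, digest) to store; the salt is public, the password is not."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed targets: two weak passwords the dictionary covers, one it does not.
    targets = [sha256_hex("b@$3b@ll1"), sha256_hex("golf2019"), sha256_hex("zzz")]
    print("on-the-fly:", dictionary_attack(targets, WORDLIST))
    print("lookup:    ", table_lookup(targets, build_lookup_table(WORDLIST)))

    salt, digest = store_password("golf2019")
    print("salted digest in table?", digest.hex() in build_lookup_table(WORDLIST))
    print("same password, second user, same digest?",
          store_password("golf2019")[1] == digest)
    print("verify:", verify_password("golf2019", salt, digest))
```

Two things are worth noticing when you run it. The substitution step is what turns "baseball1" into a hit on "b@$3b@ll1", so swapping letters for symbols does less for you than it looks like it should. And once a salt is involved, a precomputed table is worthless: the same password stored for two users produces two different digests, so an attacker has to redo the slow hash per user and per salt, which is exactly the cost the table was built to avoid.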
Plaintext/Unencrypted
As alluded to before, there is an element of trust that exists when you sign up for an online service. If that service handles your password improperly, it can be cracked with relative ease.
Neopets is an example of an online service that stored your password in plaintext. They were then hacked in 2016 and their database of plaintext passwords was leaked. This would be a nightmare if you use the same password for everything. You don’t, right?
Also, shoutout to PHP’s mysql_escape and mysql_real_escape functions.
That’s it for this post. Just wanted to write a quick one since I had some free time. Thanks for reading!
Go!
-BowTiedCrawfish