ISSC456 Central Texas College Password Cracking Methods Discussion
Hello,
I need two responses of at least 100 words each for the below students' discussions for this week. Also in the bold below are the questions the students are answering.
1) Using course resources and the Internet, please explain the following Password-Cracking Methods:
a. Brute-Force attack
b. Dictionary attack
c. Syllable attack
d. Rule-based attack
e. Hybrid attack
f. Password guessing
g. Rainbow attack
Student one:
A brute force attack is one of the most widely used methods of password attacks. Basically, it's trial and error, where the computer attempts to gain entry by trying passwords until it comes across the correct one. Various software programs are used that will try every combination of likely credentials until the match is found. With the computing power available today, even the strongest algorithms may be broken, given enough time. (Kim & Solomon, 2014)
A dictionary attack is similar to a brute force attack in that it repeatedly tries certain credentials until it gets the right one, however, this type of attack relies on the idea that the user whose account is being attacked made a poor choice of password. The list of words used to attack the account is derived from, surprise, a dictionary. This doesn't necessarily need to be the dictionary as we know it, as the attack will also substitute in symbols and letters to increase the number of combinations. (Kim & Solomon, 2014)
A syllable attack is a mixture of both a brute force and a dictionary attack. It will operate similar to that of a brute force, however, the words it uses are fragments of actual dictionary words, rearranged or combined into new forms to generate potential passwords. (Skillset, 2019)
A rule-based attack is used when the parameters of a password are known. The attacker will use these password rules, such as a number of characters, combined with number or symbol requirements. This allows the attacker to reduce the amount of time spent on attempts that would not meet the requirements anyway. (Skillset, 2019)
A Hybrid attack is a type of dictionary attack, but it is able to swap out various characters and letters in an attempt to find different versions of the same word. (Skillset, 2019)
Password guessing is really what all of these other attacks so far fall under. The name is self-explanatory, and there are several methods that can be used, either manual, or automated, such as the previous examples. The previous examples are simply expediting the guessing process.
A rainbow attack is really cool. I had never heard of it before now, and the idea behind it is interesting. When passwords are stored, typically, the actual password gets hashed, and the hash value is then stored. When you put your password in in the future, it is hashed, then compared with the stored hash, and then access is granted. The Rainbow table attack is a faster brute-force. Rather than trying a different password every time, the passwords it would try are already hashed, and instead, the values are compared. This simplifies the process to only matching hash values, as opposed to inputting the password, hashing it, querying the database for a match etc. This is beneficial in the sense that you don't actually have to know the password, only the hash value (different passwords can actually generate the same hash value). One downfall of this is that the rainbow tables take up a significant amount of storage comparatively. (ParthDutt, 2018)
Nick
Kim, D., & Solomon, M. (2014). Fundamentals of information systems security (2nd ed.). Burlington, MA: Jones & Bartlett Learning.
ParthDutt. (2018). Understanding Rainbow Table Attack. Retrieved from https://www.geeksforgeeks.org/understanding-rainbo…
Skillset. (2019). What is a syllable password attack? Retrieved from https://www.skillset.com/questions/what-is-a-sylla…
Student two:
1) Using course resources and the Internet, please explain the following Password-Cracking Methods:
a. Brute-Force attack
Is a password cracking technique that attempts to use all character combinations to find the password. This technique can take a lot of time. It works best on 8 character or less passwords.
b. Dictionary attack
Dictionary attacks are similar to brute force attacks, but instead of using combinations of characters, they use words from a dictionary.
c. Syllable attack
This attack combines brute force and the dictionary attack. The hacker takes syllables from all the dictionary words and combines them any way the hacker can think of.
d. Rule-based attack
This attack is as advertised: the hacker sets up rules to run their program to try and crack the password. This allows the hacker to be creative with the rules. Some hackers only use this attack if they have some information on the attack to set the rules by. This is considered one of the more powerful attacks.
e. Hybrid attack
This attack is a combination of brute force and dictionary attacks. It takes words from the dictionary and adds characters in front and behind the dictionary words. For example, this type of attack might use college01 or college 001 and even 01college in an attempt to find the password.
f. Password guessing
Password guessing is when the hacker attempts to guess easy-to-remember passwords that the user might use. For example, the hacker might use names of children or relatives.
g. Rainbow attack
I have heard of all these cracking techniques but this one. This attack is used on passwords that are nine characters or less. It uses a pre-defined table of hashes. Each table is set up for a specific length of passwords. Passwords are stored in computer systems as hashed functions instead of plain text. So, when you enter your password it is compared to the hash value stored in the table. If they match it is authenticated. What the hacker does is build hash tables and then attempts to make a match of the hash table stored on the computer. It is much faster than a brute force attack.
References:
Best Reviews. (n.d.). The Different Types of Password Cracking Techniques. Retrieved from https://password-managers.bestreviews.net/the-different-types-of-password-cracking-techniques.
Cracking Passwords: 11 Password Attack Methods (And How They Work). (September 18, 2017). Retrieved from https://datarecovery.com/rd/cracking-passwords-11-password-attack-methods-work.
Understanding Rainbow Table Attack. (n.d.). Retrieved from https://www.geeksforgeeks.org/understanding-rainbow-table-attack.
-Jamie
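An added example, not part of either student's post: both rainbow-attack answers describe matching stored hashes against precomputed ones, and this sketch shows the storage-side defence, a per-user random salt with a slow key-derivation function. It uses a plain precomputed lookup table as a stand-in for a real rainbow table (which compresses the same idea with hash chains); the account names, passwords and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: passwords a precomputed table would plausibly cover.
COMMON = ["password", "college01", "letmein"]

def unsalted_hash(password):
    """Weak storage: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None, iterations=200_000):
    """Stronger storage: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def table_hits(stored_values, table):
    """Count stored values that appear in a precomputed hash -> password table."""
    return sum(1 for value in stored_values if value in table)

def demo():
    # Built once, reusable against every database that stores unsalted hashes.
    table = {unsalted_hash(p): p for p in COMMON}
    users = {"alice": "college01", "bob": "college01"}  # constructed accounts

    weak = {u: unsalted_hash(p) for u, p in users.items()}
    strong = {u: salted_hash(p) for u, p in users.items()}
    return {
        "weak_hits": table_hits(weak.values(), table),
        "strong_hits": table_hits((r[2].hex() for r in strong.values()), table),
        "weak_identical": weak["alice"] == weak["bob"],
        "strong_identical": strong["alice"][2] == strong["bob"][2],
        "login_ok": verify("college01", strong["alice"]),
        "login_bad": verify("college02", strong["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With salting, two users who chose the same password no longer share a stored value, so a table computed in advance matches nothing and each account has to be attacked separately at the cost of the slow function.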