CISSP® Official Study Guide, Eighth Edition
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Dictionary Attacks

A dictionary attack is an attempt to discover passwords by using every possible password in a predefined database or list of common or expected passwords. In other words, an attacker starts with a database of words commonly found in a dictionary. Dictionary attack databases also include character combinations commonly used as passwords, but not found in dictionaries. For example, you will probably see the list of passwords found in the published Ashley Madison accounts database mentioned earlier in many password-cracking dictionaries.

Additionally, dictionary attacks often scan for one-upped-constructed passwords. A one-upped-constructed password is a previously used password, but with one character different. For example, password1 is one-upped from password, as are Password, 1password, and passXword. Attackers often use this approach when generating rainbow tables (discussed later in this chapter).

Some people think that using a foreign word as a password will beat dictionary attacks. However, password-cracking dictionaries can, and often do, include foreign words.
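The defensive counterpart of the attack described above is a password screener that rejects not only words in a banned list but also their one-upped variants. The following is an added example, not code from the CISSP Official Study Guide: it treats "one character different" as a single substitution, insertion or deletion, compares case-insensitively (so Password matches password), and uses a small constructed banned list in place of a real cracking dictionary.

```python
# Added example (not from the CISSP Official Study Guide): a defender-side
# password screener that rejects candidates found in a banned-word list or
# "one-upped" from such a word, i.e. differing by one substitution, insertion
# or deletion. Comparison is case-insensitive. The banned list is constructed
# for this example; a real deployment would load a published cracking list.
from typing import Iterable, Optional

# Constructed sample of the kind of entries a cracking dictionary holds:
# plain words plus common non-dictionary character combinations.
BANNED_WORDS = ["password", "letmein", "qwerty", "123456", "dragon", "football"]


def is_within_one_edit(a: str, b: str) -> bool:
    """True if a and b are equal or differ by exactly one edit
    (substitution, insertion or deletion). Linear in the string length."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        # Same length: only a single substitution is possible.
        return sum(x != y for x, y in zip(a, b)) <= 1
    # Make `a` the shorter string and check that deleting one character
    # from `b` yields `a`.
    if len(a) > len(b):
        a, b = b, a
    i = j = 0
    skipped = False
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
        elif not skipped:
            skipped = True   # tolerate exactly one extra character in b
            j += 1
        else:
            return False
    return True  # a trailing extra character in b is the single insertion


def one_upped_match(candidate: str, banned: Iterable[str] = BANNED_WORDS) -> Optional[str]:
    """Return the banned word the candidate equals or is one edit away
    from (case-insensitively), or None if it is clear of the list."""
    c = candidate.lower()
    for word in banned:
        if is_within_one_edit(c, word.lower()):
            return word
    return None


def screen_password(candidate: str, banned: Iterable[str] = BANNED_WORDS) -> str:
    """Policy decision string for a proposed password."""
    base = one_upped_match(candidate, banned)
    if base is None:
        return "accepted"
    if candidate.lower() == base.lower():
        return f"rejected: '{candidate}' is in the banned list"
    return f"rejected: '{candidate}' is a one-character variant of '{base}'"


if __name__ == "__main__":
    # The four one-upped forms named in the text, plus an unrelated passphrase.
    for pw in ["password", "password1", "Password", "1password", "passXword",
               "correct horse battery"]:
        print(f"{pw!r:24} -> {screen_password(pw)}")
```

Run stand-alone, the script shows all four variants from the text being traced back to password while the unrelated passphrase is accepted; in a real system the list would be the same published dictionaries the text says attackers use, which is what makes the check effective.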


644  Chapter 14  Controlling and Monitoring Access
Brute-Force Attacks

A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting all possible combinations of letters, numbers, and symbols. Attackers don't typically type these in manually but instead have programs that can programmatically try all the combinations. A hybrid attack attempts a dictionary attack and then performs a type of brute-force attack with one-upped-constructed passwords.

Longer and more complex passwords take more time and are costlier to crack than simple passwords. As the number of possibilities increases, the cost of performing an exhaustive attack goes up. In other words, the longer the password and the more character types it includes, the more secure it is against brute-force attacks.

Passwords and usernames are typically stored in an account database file on secured systems. However, instead of being stored as plain text, systems and applications commonly hash passwords, and only store the hash values.

The following three steps occur when a user authenticates with a hashed password.
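The two points above, that exhaustive-search cost grows with length and character-set size and that systems keep only a hash, can be made concrete. The following is an added example, not code from the CISSP Official Study Guide: part 1 computes the keyspace an exhaustive attack must cover and an average search time at an assumed guess rate (the rate is a placeholder, since real rates depend on the hash algorithm and hardware); part 2 stores a salted PBKDF2-HMAC-SHA256 digest and verifies a login by re-hashing. The per-account salt and the iteration count are standard practice that this excerpt does not discuss, not text from the page.

```python
# Added example (not from the CISSP Official Study Guide). Part 1 quantifies
# how brute-force cost grows with password length and character-set size;
# part 2 shows the storage model the text describes: the account database
# holds a hash, and authentication re-hashes the supplied password. The salt,
# PBKDF2 iteration count and guess rate are assumptions for illustration.
import hashlib
import hmac
import os
import string

# --- Part 1: size of the search space -----------------------------------------
CHARSETS = {
    "digits only": len(string.digits),                                            # 10
    "lowercase letters": len(string.ascii_lowercase),                             # 26
    "mixed-case letters": len(string.ascii_letters),                              # 52
    "mixed case + digits": len(string.ascii_letters + string.digits),             # 62
    "letters, digits, symbols": len(string.ascii_letters + string.digits
                                    + string.punctuation),                        # 94
}

# Assumed rate for the illustration; real rates depend on the hash algorithm,
# its work factor and the attacker's hardware.
ASSUMED_GUESSES_PER_SECOND = 1e10


def keyspace(charset_size: int, max_len: int) -> int:
    """Number of candidates an exhaustive attack must cover for every
    length from 1 to max_len inclusive: the sum of charset_size**L."""
    return sum(charset_size ** length for length in range(1, max_len + 1))


def expected_seconds(charset_size: int, max_len: int,
                     guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Average time to find the password: on average the attacker succeeds
    halfway through the keyspace."""
    return keyspace(charset_size, max_len) / guesses_per_second / 2


# --- Part 2: store only a hash, never the plaintext ---------------------------
SALT_LEN = 16
PBKDF2_ITERATIONS = 600_000  # assumed work factor; raise as hardware allows


def hash_password(password: str, salt: bytes = b"") -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256 digest. A random per-account salt
    means identical passwords do not produce identical stored values."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Re-hash the supplied password with the stored salt and compare the
    result to the stored digest in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for length in (6, 8, 12):
        for name, size in CHARSETS.items():
            days = expected_seconds(size, length) / 86_400
            print(f"len<={length:2} {name:26} keyspace={keyspace(size, length):.3e} "
                  f"~{days:.2e} days")
    record = hash_password("example-passphrase")  # what the account database keeps
    print("stored bytes:", record.hex())
    print("correct password verifies:", verify_password("example-passphrase", record))
    print("wrong password verifies:  ", verify_password("Example-passphrase", record))
```

The table printed by part 1 makes the text's point visible: adding two characters or one more character class multiplies the keyspace by orders of magnitude, which is why policy focuses on length and character types. Part 2 is the defender's reason the hash matters: even if the account database is exposed, the attacker is left running exactly the dictionary or brute-force search described above against a slow, salted hash rather than reading passwords directly.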
