2 cissp ® Official Study Guide Eighth Edition

266
Chapter 7 
■
PKI and Cryptographic Applications
There are two modifications that attackers can make to enhance the effectiveness of a 
brute-force attack:
■
Rainbow tables provide precomputed values for cryptographic hashes. These are 
commonly used for cracking passwords stored on a system in hashed form.
■
Specialized, scalable computing hardware designed specifically for the conduct of 
brute-force attacks may greatly increase the efficiency of this approach.
Salting Saves Passwords
Salt might be hazardous to your health, but it can save your password! To help combat 
the use of brute-force attacks, including those aided by dictionaries and rainbow tables, 
cryptographers make use of a technology known as 
cryptographic salt
.
The cryptographic salt is a random value that is added to the end of the password before 
the operating system hashes the password. The salt is then stored in the password file 
along with the hash. When the operating system wishes to compare a user’s proffered 
password to the password file, it first retrieves the salt and appends it to the password. It 
feeds the concatenated value to the hash function and compares the resulting hash with 
the one stored in the password file.
Specialized password hashing functions, such as PBKDF2, bcrypt, and scrypt, allow for 
the creation of hashes using salts and also incorporate a technique known as 
key stretch-
ing
that makes it more computationally difficult to perform a single password guess.
The use of salting, especially when combined with key stretching, dramatically increases 
the difficulty of brute-force attacks. Anyone attempting to build a rainbow table must 
build a separate table for each possible value of the cryptographic salt.

Download 19,3 Mb.

Do'stlaringiz bilan baham: