Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn’s physical and logical security measures including biometrics, passwords, and permissions. The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn’s servers using Pwdump6 and are going to try and crack the network passwords. What method of attack is best suited to crack these passwords in the shortest amount of time?
A.
Brute force attack
B.
Birthday attack
C.
Dictionary attack
D.
Brute service attack
There is no way this is right. It says “in the shortest amount of time.” None of the answers appear right. A Brute Force would take FOREVERRRR.
Yeah I think something is definitely up with this question cause brute force cannot be right. seriously.
Birthday attack & Dictionary attack couldn’t use when all Hawthorn employees use a random password generator for their network passwords.
I think Brute force attack is the only solution in this situation althrough it is not good.
sometimes the brute force attack IS the fastest method
Assuming that all employees ARE really compliant, and aren’t using anything in a dictionary, then brute force is the fastest way that will eventually work, one day. lol If you do dictionary and no passwords are found, then it failed, while a brute force will eventually get it, when your grandchildren are 100 years of age.
why don’t brute service? a large numbers of precalculated hash are better…
ok ok. I found the answer while writing. You have to win the race, not to try to win. If only one password is not in the pre-calculated block you have failed.