PrepAway - Latest Free Exam Questions & Answers

Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords?

A. Hybrid

B. Birthday attack

C. Dictionary

D. Rainbow tables

Explanation:
When a password is “tried” against a system it is “hashed” using encryption so that the actual
password is never sent in clear text across the communications line. This prevents eavesdroppers
from intercepting the password. The hash of a password usually looks like a bunch of garbage and
is typically a different length than the original password. Your password might be “shitzu” but the
hash of your password would look something like “7378347eedbfdd761619451949225ec1”.
To verify a user, a system takes the hash value created by the password hashing function on the
client computer and compares it to the hash value stored in a table on the server. If the hashes
match, then the user is authenticated and granted access.
Password cracking programs work in a similar way to the login process. The cracking program
takes plaintext passwords, runs them through a hash algorithm, such as MD5, and then
compares the hash output with the hashes in the stolen password file. If it finds a match, then
the program has cracked the password.
Rainbow Tables are basically huge sets of precomputed tables filled with hash values that are
pre-matched to possible plaintext passwords. The Rainbow Tables essentially allow hackers to
reverse the hashing function to determine what the plaintext password might be.
The use of Rainbow Tables allows passwords to be cracked in a very short amount of time
compared with brute-force methods; however, the trade-off is that it takes a lot of storage
(sometimes terabytes) to hold the Rainbow Tables themselves.
With a rainbow table, all of the possible hashes are computed in advance. In other words, you
create a series of tables; each has all the possible two-letter, three-letter, four-letter, and so forth
combinations and the hash of that combination, using a known hashing algorithm like SHA-2. Now
if you search the table for a given hash, the letter combination in the table that produced the hash
must be the password you are seeking.
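
An added example, not part of the original explanation: the full precomputed hash-to-plaintext lookup described in the last paragraph (a plain lookup table, without the chain compression real rainbow tables use), with row and storage counts for the trade-off. It goes beyond the text by also looking up a salted hash; the lowercase alphabet, SHA-256, the sample password and the salt are constructed assumptions.

```python
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase  # assumption: lowercase-only passwords


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_table(max_len: int) -> dict:
    """Precompute hash -> plaintext for every string of length 1..max_len."""
    table = {}
    for n in range(1, max_len + 1):
        for combo in itertools.product(ALPHABET, repeat=n):
            word = "".join(combo)
            table[sha256_hex(word.encode())] = word
    return table


def table_entries(max_len: int) -> int:
    """Rows a full table needs: 26 + 26^2 + ... + 26^max_len."""
    return sum(len(ALPHABET) ** n for n in range(1, max_len + 1))


def table_bytes(max_len: int) -> int:
    """Rough lower bound on storage: 32-byte digest plus the plaintext per row."""
    return sum((32 + n) * len(ALPHABET) ** n for n in range(1, max_len + 1))


def lookup(table: dict, stored_hash: str):
    """One dictionary lookup replaces hashing every candidate at crack time."""
    return table.get(stored_hash)


if __name__ == "__main__":
    table = build_table(3)
    # Constructed sample: an unsalted hash as it would sit in a password file.
    unsalted = sha256_hex(b"dog")
    # Constructed sample: the same password stored with a per-user random salt.
    salt = bytes.fromhex("9f1c2ab47d03e6558812aa41c0de77b3")
    salted = sha256_hex(salt + b"dog")
    print("unsalted lookup:", lookup(table, unsalted))
    print("salted lookup:  ", lookup(table, salted))
    for n in (3, 6, 8, 10):
        print(f"length <= {n}: {table_entries(n):,} rows, ~{table_bytes(n):,} bytes")
```

The salted hash misses because the table was computed without that salt, so a table built once no longer covers every stored hash.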

