CompTIA Security+ Exam Notes

Let Us Help You Pass

Tuesday, October 8, 2024

Key Stretching - Protecting Passwords

Key Stretching

Key stretching slows down an attacker who is trying to recover a password from its hash. This method uses thousands of rounds of hashing. It first hashes the password, then hashes the hash, and continues this process.

For every password the attacker guesses, they have to run the whole hashing process and compare the result with the stored hash, repeating this until they find a match.

There are two main methods of key stretching: bcrypt & PBKDF2 (Password-Based Key Derivation Function 2).

Thursday, April 18, 2024

Protecting Passwords Against Offline Attacks

Offline Password Attacks & Preventive Measures


Rainbow table attack
The best protection against this attack type is adding salt (random data) to the password before hashing.

Brute Force & Dictionary
The best method for slowing down an attacker who is trying to discover the password is key stretching. This method uses thousands of rounds of hashing. This does not make the key stronger, but the attacker has to do a lot of processing to check each possible key to find the correct one. There are 2 methods on the exam:
PBKDF2 & bcrypt
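
Both posts describe the same storage routine, so here is one added example (not code from the original posts) that salts each password and stretches it with PBKDF2 from Python's standard library, then measures how much slower a stretched guess is than a single hash. The iteration count, salt length and sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000   # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16        # assumed salt length

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, derived_key); store all three per user."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # fresh random salt defeats precomputed tables
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key

def verify_password(password, salt, iterations, stored_key):
    """Re-derive with the stored salt and count, then compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(key, stored_key)

def stretch_cost_ratio(iterations=ITERATIONS, trials=2000):
    """How many times slower one stretched guess is than one plain SHA-256 guess."""
    guess = b"Winter2024!"              # constructed sample password
    start = time.perf_counter()
    for _ in range(trials):
        hashlib.sha256(guess).digest()
    plain = (time.perf_counter() - start) / trials
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", guess, b"\x00" * SALT_BYTES, iterations)
    stretched = time.perf_counter() - start
    return stretched / plain

if __name__ == "__main__":
    # Two users who picked the same (constructed) password.
    salt_a, n_a, key_a = hash_password("Winter2024!")
    salt_b, n_b, key_b = hash_password("Winter2024!")
    print("same password, same stored value?", key_a == key_b)
    print("correct password verifies:", verify_password("Winter2024!", salt_a, n_a, key_a))
    print("wrong password verifies:  ", verify_password("winter2024!", salt_a, n_a, key_a))
    print("cost of one stretched guess vs one SHA-256: %.0fx" % stretch_cost_ratio())
```

The stretched guess costs the attacker the same multiple on every candidate password, while a legitimate login pays it only once.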