CompTIA Security+ Exam Notes

CompTIA Security+ Exam Notes
Let Us Help You Pass
Showing posts with label salting. Show all posts
Showing posts with label salting. Show all posts

Thursday, April 18, 2024

Protecting Passwords Against Offline Attacks

 Offline Password Attacks & Preventive Measures


Rainbow table attack
The best protection against this attack type is adding salt (random data) to the password before hashing.

Brute Force & Dictionary
The best method for slowing down the attacker from discovering the password is to use key stretching. This method uses thousands of rounds of hashing. This does not make the key stronger, but the attacker has to do a lot of processing to check each possible key to find the correct one. There are 2 methods on the exam:
PBKDF2 & bcrypt
Posted by at No comments:
Labels: , , , , , , , , ,

Thursday, April 11, 2024

Pass the Hash Attack

 PtH (Pass the Hash Attack)

Attackers and penetration testers use the pass-the-hash attack. This allows them to achieve lateral movement or pivot to other systems in the network.

You do not have to crack the password, as the hash is the password.

One way to prevent this attack is to use group policy to prevent the caching of administrator passwords.

The other is to use the password-salting method. That way, the hashes will be completely different even if the admin uses the same local password for each system.


Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)