Offline Password Attacks & Preventive Measures
Rainbow table attack
The best protection against this attack type is adding a salt (random data) to the password before hashing.
Brute Force & Dictionary
The best method for slowing an attacker's attempts to discover the password is key stretching. This method uses thousands of rounds of hashing. It does not make the key stronger, but the attacker has to do a lot of processing to check each possible key to find the correct one. There are 2 methods on the exam:
PBKDF2 & bcrypt
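The two defenses above combined, as an added example that is not part of the original post: a per-password random salt plus PBKDF2 key stretching from Python's standard library. The function names, the `$`-separated record format and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16

def unsalted_sha256(password):
    """Weak baseline: the same password always gives the same hash,
    so a precomputed (rainbow) table lookup succeeds."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a storable record: scheme$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    """Recompute the hash with the stored salt and round count, then compare."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    print("unsalted, user A:", unsalted_sha256(pw))
    print("unsalted, user B:", unsalted_sha256(pw))  # identical to user A
    print("salted,   user A:", hash_password(pw))
    print("salted,   user B:", hash_password(pw))    # differs from user A
    print("verify ok: ", verify_password(pw, hash_password(pw)))
    print("verify bad:", verify_password("wrong guess", hash_password(pw)))
```

Because the salt and round count are stored in the record, the work factor can be raised for new passwords without invalidating existing ones.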