Code360 powered by Coding Ninjas X Naukri.com
Last Updated: Mar 27, 2024

Enter Your Password and Make Sure it is Strong

Author Rajat Agrawal

Introduction

Passwords are the most common method of protecting private information and are used very frequently for identification over the internet, although they are not a cryptographic tool. A password is the primary layer of defense for sensitive data such as bank accounts, private emails, and medical records. As technology advanced and Internet usage continued to rise, more attempts were made to access online data, which forced users to choose ever-more-complex passwords.


In this blog, we will learn how passwords are used to provide security and the different attacks on password security.

Identification Using Password

By far, the most used method of identification over the internet is the password. Although passwords are not technically cryptographic tools, it is helpful to go through some of the ways to make password-based identification more secure. One weakness of passwords is that people frequently choose ones that are simple to guess, like password, 123456, and abc123. Because of this, many websites have requirements meant to compel the user to select a password that is more difficult to guess. Standard password guidelines cover length, capital and lowercase letters, numbers and/or special symbols, etc.

As technology advanced and Internet usage continued to rise, more attempts were made to access online data, which compelled users to choose ever-more-complex passwords. However, as passwords have become more complicated, hackers have created increasingly advanced techniques to quickly and effectively decipher passwords. Seven-character passwords, originally considered more than sufficient, are now quite simple to guess, leaving sensitive data vulnerable to attack.

Let’s discuss different attacks that can be used to break/guess passwords.

Attacks on Password

There are basically two types of attacks on passwords: online attacks and offline attacks.


Let’s discuss these attacks in brief.

Online Attacks

In online attacks, the attacker tries to guess the password in real time and needs to interact with the target system to which they are attempting to gain access.
This type of attack can be prevented by following the standard password guidelines, including length, capital and lowercase letters, numbers and/or special symbols, etc.

Offline Attacks

In offline attacks, the attacker can access the encrypted material or a password hash and try key combinations without the risk of discovery or interference. This type of attack is more challenging to protect against. An offline attack can be carried out after a data breach has occurred. An attacker typically acquires access to a file containing user IDs and related passwords through a data breach. Of course, the adversary can access any user's account if the credentials are kept in plaintext. Therefore, if this occurrence is to be avoided, some additional safety measures must be adopted.

Prevention Against Offline Attacks

The most obvious safeguard would be to encrypt the password file. This strategy is typically not used because there is a chance that, in the event of a data breach, the attacker may get both the password file and the decryption key. Therefore, it is advised to hash the passwords and only save the hashed message digests. It's common to refer to a hashed password as a fingerprint.

The password file will store the user IDs and their accompanying fingerprints. The system will hash a user's password and compare it to the fingerprint that is kept in the password file to determine whether the password is valid. 

Types of Offline Attacks

There are mainly two types of offline attacks:

  • Dictionary attacks
  • Brute force attacks

Let’s discuss these offline attacks in brief.

Dictionary Attacks

In a dictionary attack, the attacker tries a variety of weak passwords that are often used and have been assembled into a "dictionary."

Brute Force Attacks

A brute force attack involves testing every password up to a certain length in search of the right one. A more sophisticated approach is building a rainbow table, a type of time-memory tradeoff.

It is important to note that if the attacker desires, they can spend significant time and money carrying out an offline attack. Additionally, if the adversary so chooses, a table of popular passwords and their related fingerprints can be precomputed before the data breach occurs. The attacker can then simply search the password file for fingerprints corresponding to previously computed fingerprints.  As a result, the attacker can discover many weak passwords. One further observation: It's almost certain that two people with identical fingerprints will also have identical passwords. Multiple people may use the same weak password, and it is possible to identify all instances simultaneously.
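The hash-and-compare check and the two observations above (precomputed fingerprints, identical fingerprints for identical passwords) can be reproduced as a defender's audit of a password file. This is an added example, not code from the original article; the sample password file, the choice of SHA-256 and all function names are assumptions, and the salted variant at the end goes beyond the article to show why a per-user salt removes both observations.

```python
import hashlib
import hmac
import os
from collections import defaultdict

def fingerprint(password: str) -> str:
    """Unsalted SHA-256 digest: the plain 'fingerprint' scheme described above."""
    return hashlib.sha256(password.encode()).hexdigest()

def verify(password_file: dict, user: str, attempt: str) -> bool:
    """Hash the attempt and compare it with the stored fingerprint."""
    stored = password_file.get(user)
    # compare_digest avoids leaking, through timing, where the digests differ
    return stored is not None and hmac.compare_digest(stored, fingerprint(attempt))

def audit(password_file: dict, common_passwords: list) -> tuple:
    """Report accounts that match a precomputed table and accounts sharing a fingerprint."""
    table = {fingerprint(p): p for p in common_passwords}  # computable before any breach
    weak = {u: table[fp] for u, fp in password_file.items() if fp in table}
    groups = defaultdict(list)
    for user, fp in password_file.items():
        groups[fp].append(user)
    shared = sorted(sorted(users) for users in groups.values() if len(users) > 1)
    return weak, shared

def salted_fingerprint(password: str, salt: bytes) -> str:
    """Assumed mitigation (not in the article): per-user random salt plus a slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

# Constructed sample password file: user ID -> fingerprint
PASSWORD_FILE = {
    "alice": fingerprint("123456"),
    "bob": fingerprint("abc123"),
    "carol": fingerprint("123456"),
    "dave": fingerprint("T7#qv!Lm2zRw"),
}
COMMON = ["password", "123456", "abc123"]  # the weak passwords the article names

if __name__ == "__main__":
    weak, shared = audit(PASSWORD_FILE, COMMON)
    print("matched by precomputed table:", weak)
    print("users sharing a fingerprint:", shared)
    s1, s2 = os.urandom(16), os.urandom(16)
    same = salted_fingerprint("123456", s1) == salted_fingerprint("123456", s2)
    print("same password, different salts, equal digests:", same)
```

With a salt stored next to each user ID, a table computed in advance no longer matches, and two users with the same password no longer share a fingerprint.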

Frequently Asked Questions

What is Cryptography?

Cryptography is the technique to secure sensitive data/information passing through an unsecured channel.

What are types of Cryptography?

There are mainly two types of cryptography: symmetric key cryptography and asymmetric key cryptography.

What is Password?

A password is confidential information, generally a string of characters, that is used to verify a user's identity.

What is the use of a password?

Passwords are your first line of defense against illegal access to your system and personal information. Your system will be more secure from hackers and malware if your password is strong.

Is Password a Cryptographic tool?

Passwords are not Cryptographic tools.

Conclusions

In this article, we have extensively discussed how to provide security using passwords and the different attacks on passwords. I hope you enjoyed this blog on Enter Your Password and Make Sure it is Strong.

If you want to learn more, check out our articles on What is the Rabin Cryptosystem?, Message Authentication Codes in Cryptography, Nested MACs and HMAC in Cryptography, and CBC-MAC in Cryptography.


Happy Coding!
