
Glossary post

This glossary post collects the most important terms used in my research. A correct understanding of the terms below is necessary for following most of the posts in this blog:


Hash – the output of a complex mathematical formula applied to data. Often used to store passwords and to check the integrity of data (Evans, 2018)

Honeyword – a decoy password used to trigger an alarm and to detect password cracking (Juels and Rivest, 2013)

Salting – the process of adding random data (a salt) to a password before hashing it, which makes the resulting hash more complex and secure (Bošnjak and Brumen, 2019)

Brute-force attack – a manual attack, or an attack using password-guessing software, that tries to guess the password. It may be offline or online. An offline attack is executed against a password hash in order to find a password that produces the same hash output. An online attack is usually, but not always, manual and consists of trying the most common passwords against a particular service in order to gain access to an account (Evans, 2018)

Dictionary attack – an example of an offline brute-force attack executed with the help of a dictionary of pre-collected candidate passwords (Evans, 2018)

Rainbow table attack – an example of a dictionary attack in which the dictionary is much larger and covers a wide range of passwords (Evans, 2018)

Multiple step authentication – an authentication method that uses several ways of authenticating in order to log into the system. For example, two-step verification, which consists of password authentication followed by entering a code sent via SMS to the user's phone (Bonneau et al., 2012)

Deployability of an authentication method – the possibility of implementing the authentication method on a number of different services and devices (Bošnjak and Brumen, 2019)

Memorizing effort – the complexity of memorizing one particular piece of information, e.g. a password or a graphical password (Bošnjak and Brumen, 2019)
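The following is an added example, not code from this post or from the cited papers, that ties the hash, salting and honeyword entries together: each user gets a random salt, the real password is stored among decoy honeywords, and a separate "honeychecker" (here just a dictionary standing in for the separate server described by Juels and Rivest) knows which entry is real. The function names, the choice of PBKDF2 and the sample passwords are my own assumptions.

```python
import hashlib
import os
import secrets

# Constructed demo (assumed names and parameters, not from the post).
ITERATIONS = 100_000  # PBKDF2 work factor, chosen for the demo

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash: same password + different salt -> different output,
    so a precomputed dictionary of hashes cannot be reused across users."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Credential store: user -> (salt, list of sweetword hashes). Only one is real.
CREDENTIALS: dict[str, tuple[bytes, list[bytes]]] = {}
# Honeychecker: kept apart from the credential store; it knows only the index
# of the real password for each user.
HONEYCHECKER: dict[str, int] = {}

def store_user(user: str, password: str, decoys: list[str]) -> None:
    """Store the real password among decoy honeywords at a random position."""
    salt = os.urandom(16)
    sweetwords = list(decoys)
    real_index = secrets.randbelow(len(sweetwords) + 1)
    sweetwords.insert(real_index, password)
    CREDENTIALS[user] = (salt, [hash_password(w, salt) for w in sweetwords])
    HONEYCHECKER[user] = real_index

def check_login(user: str, attempt: str) -> str:
    """Return 'ok', 'reject', or 'alarm'. An 'alarm' means a decoy matched:
    the submitted password most likely came from a cracked hash file."""
    if user not in CREDENTIALS:
        return "reject"
    salt, hashes = CREDENTIALS[user]
    candidate = hash_password(attempt, salt)
    for i, h in enumerate(hashes):
        if secrets.compare_digest(candidate, h):
            return "ok" if i == HONEYCHECKER[user] else "alarm"
    return "reject"

if __name__ == "__main__":
    # Constructed sample credentials for the demo.
    store_user("alice", "Tr0ub4dor&3", ["Tr0ub4dor&7", "Troubador&3", "correcthorse1"])
    print(check_login("alice", "Tr0ub4dor&3"))  # ok
    print(check_login("alice", "Troubador&3"))  # alarm
    print(check_login("alice", "password"))     # reject
```

The alarm case is the detection signal the honeyword entry describes: a legitimate user never types a decoy, so a match on one is strong evidence that the hash file has been cracked offline.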


References:

Bonneau, J. et al. (2012) ‘The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes’, 2012 IEEE Symposium on Security and Privacy, San Francisco.

Bošnjak, L. and Brumen, B. (2019) ‘Rejecting the death of passwords: Advice for the future’, Computer Science and Information Systems, 16(1), pp. 313–332. Available from: https://doi.org/10.2298/CSIS180328016B (Accessed: 27 October 2021).

Evans, L. (2018) Cybersecurity: What do you need to know about computer and Cyber Security, Social Engineering, The Internet of things + An Essential guide to ethical hacking for beginners.

Juels, A. and Rivest, R.L. (2013) ‘Honeywords: making password-cracking detectable’, in Proceedings of CCS 2013, Berlin, Germany: ACM, pp. 145–160. Available from: https://dl.acm.org/doi/abs/10.1145/2508859.2516671.


Comments

  1. Yes, nice post that you can add to as you progress to the final assessment.
