1.2.6 Cryptographic Attacks

A cryptographic attack is a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme.

WORDS

DEFINITION

LAYMAN'S TERM

Birthday

This is a cryptographic attack that uses probability theory. The attack can be used to abuse communication between two or more parties.   

Known Plain Text/Cipher Text

The result of encrypting plaintext. Ciphertext is not in an easily readable format until it's decrypted.

This is a cryptographic attack that hides any type of plain text visible for humans to read.

Rainbow tables

This cryptographic attack uses combinations of character hashes to discover passwords.

Remember: A hash is a string of random-looking characters that uniquely identifies the data in question, similar to how our fingerprint identifies us.

Dictionary

This cryptographic attack tries every word the dictionary holds, from “A” to “Z”. The attacker doesn’t type these words in manually; he/she uses a script along with a file containing all the available words.

Hash Collision

This cryptographic attack creates passwords in hopes of getting the same hash as the user being attacked, in an effort to gain access to something.

Remember: A hash is a string of random-looking characters that uniquely identifies the data in question, similar to how our fingerprint identifies us.

Downgrade

A legitimate request to a server to use a weak, deprecated algorithm that’s easier to crack in hopes of then successfully getting keys, passwords, and so forth.

This cryptographic attack sends a request to a server that accepts the use of a weak algorithm in order to gain access to the server's information.

Algorithm: A process or set of rules to be followed in calculations or other problem-solving operations, especially by a computer.

Replay

An attack where the attacker captures some type of legitimate traffic and resends it as needed to do something malicious.

This cryptographic attack happens when the attacker gathers real traffic and resends it when they want to do something harmful to a user's information or their system.

Weak implementations

Exploits implementation weaknesses, such as in software, the protocol, or the encryption algorithm. A statistical attack exploits a weakness in a cryptosystem, such as an inability to produce random numbers or floating-point errors.

This cryptographic attack runs tests against software, protocols or encryption algorithms to see if they can be broken.

Brute force

Online vs. offline

Online attacks involve an online entity – an entity that is available in real time to be used by an attacker. 

Offline attacks are attacks that can be performed without such an entity, for example when an attacker has access to an encrypted file.

If an attacker attacks a network service, then an online attack was performed.

If an attacker gains access to offline items, such as encrypted files or folders, then an offline attack was performed.