Course 5 - Cryptographic Attacks
*Note: Please do not try any of these attacks on a real system; only practice them on designated software.
A cryptographic attack is a cyberattack that allows the attacker to bypass cryptographic defenses. The most common example of a cryptographic attack is attempting to log into an account with different credentials: credentials are hashed when stored and cannot be read from the database, so guessing them is a way around that protection. In this article, we will explore how different cryptographic attacks relate to this example.
*Note: This process of attempting to crack or exploit cryptographic systems is called cryptanalysis. However, cryptanalysis refers more to cracking a cryptographic algorithm than to bypassing it.
Brute forcing, as the name implies, is the process of trying every combination of credentials in order to gain access to a system, specifically to find the password for a certain username. Obviously, there are billions of combinations for an attacker to try. Computer programs are used to speed this process up, but we could all be dead before a successful combination is found. That is why there are some strategies and variations of brute forcing that are used to find a match:
Collision-exploiting attacks take advantage of repeating hashes, or collisions. Sometimes, these exploit errors in a poorly constructed hashing algorithm that result in collisions. They can also exploit repeated hashes in databases. Examples of collision-exploiting attacks are classic collision attacks and birthday attacks. A cryptographic defense against collision attacks is salting. Salting is when a random string of characters, known as a salt, is appended to the end of a credential before it is hashed. So, if two people use the same password, the added salt changes the hashes so they are not the same in storage.
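The effect of salting described above, shown as an added example that is not part of the original course: it audits a credential table for repeated hashes with and without per-user salts. The account names, passwords and function names are constructed for illustration, and SHA-256 is an assumption, since the course names no hash algorithm.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample accounts; alice and bob chose the same password.
SAMPLE_USERS = {
    "alice": "correct horse battery",
    "bob": "correct horse battery",
    "carol": "tr0ub4dor&3",
}

def hash_unsalted(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def hash_salted(password: str, salt: bytes) -> str:
    # Salt is appended to the end of the credential before hashing.
    return hashlib.sha256(password.encode() + salt).hexdigest()

def build_unsalted_table(users: dict) -> dict:
    return {name: hash_unsalted(pw) for name, pw in users.items()}

def build_salted_table(users: dict) -> dict:
    # Each account gets its own random salt, stored next to its hash.
    table = {}
    for name, pw in users.items():
        salt = secrets.token_bytes(16)
        table[name] = (salt, hash_salted(pw, salt))
    return table

def shared_hashes(hashes: dict) -> list:
    """Return groups of accounts whose stored hash is identical."""
    groups = defaultdict(list)
    for name, digest in hashes.items():
        groups[digest].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def verify(table: dict, name: str, attempt: str) -> bool:
    # Re-hash the attempt with the stored salt; compare in constant time.
    salt, stored = table[name]
    return hmac.compare_digest(hash_salted(attempt, salt), stored)

if __name__ == "__main__":
    salted = build_salted_table(SAMPLE_USERS)
    print("unsalted repeats:", shared_hashes(build_unsalted_table(SAMPLE_USERS)))
    print("salted repeats:", shared_hashes({n: d for n, (_, d) in salted.items()}))
    print("bob login ok:", verify(salted, "bob", "correct horse battery"))
```

Because the salt is stored alongside each hash, a legitimate login still verifies, while the table no longer reveals which accounts share a password.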