Computer Security and Penetration Testing: Encryption and Password Cracking
Chapter 6
Encryption and Password Cracking
Objectives
• Understand basic cryptographic principles
• Understand the fundamentals of encryption
• Describe the most common ciphers in use today
• Identify the most common attacks on passwords
• Use various programs for cracking passwords
• Strong passwords
– Good defense against unwanted entry
• Guessing, stealing, or cracking passwords
– Foundation of defeating any kind of security
• Substitution
– Replacement of a letter or group of letters with another letter or group of letters
– Enigma
• Possibly the most famous substitution cryptography machine
• Used by the German Army during World War II
– Turing Bombe
• Machine to crack the “Enigma Code”
• Developed by Alan Turing
• Substitution (continued)
– Colossus
• Programmable computer (1943 by Max Newman)
• Common terms when dealing with cryptography
– Cleartext
– Ciphertext
– Key
– Algorithm
– Hash
Chapter 7
Spoofing
Objectives
• Understand the mechanics of spoofing
• Describe the consequences of spoofing
• Define various types of spoofing
• List and describe some spoofing tools
• Learn how to defend against spoofing
• Costs to the victims of successful spoofing attacks
– Are tied to the amount of information that was copied and the sensitivity of the data
• Tangible and intangible losses
• Successful spoof attacker usually leaves back door
– To get back in later
• Economic Loss
– May occur when valuable data is lost or duplicated
• Surreptitious nature of a successful spoofing attack
– Company might not know what happened or when
• Strategic Loss
– Loss of strategic data that outlines events planned for the future
– Could lead to loss of both money and goodwill for the spoofed company
• General Data Loss
– Usually has less of an impact than the first two categories of losses
– Comes from unsecured documents used by employees
• Working on various projects or engaged in the day-to-day business of the company