
Definition

Password-based Authentication

Attack Vectors

  • Guessing the correct password (social engineering, or trial-and-error against the login)
  • Interception while the password is entered or transmitted (keylogger, shoulder surfing, sniffing an unencrypted channel)
  • Theft of the stored password list (the password database or hash file) from the system

Attack Types

Offline Attack

The attacker has obtained a copy of the stored password list and tries to recover the passwords from their (typically hashed) representations. No server is involved, so there is no rate limiting or lockout; the only cost per guess is the cost of computing the password hash, which is why slow, salted hashes matter.

Online Attacks

The attacker interacts directly with the server they want to authenticate to (e.g. via the login form on a website). Each guess costs a round trip and can be rate-limited, logged, or trigger an account lockout, so far fewer guesses are feasible than in the offline case.

Strategies

Dictionary-based Attack

Definition

Dictionary Attack

A dictionary attack is a password recovery attack that tries passwords drawn from a precompiled list of likely candidates, called a dictionary.

Unlike a brute-force attack, it does not enumerate the entire search space; it exploits the tendency of users to choose predictable passwords.


Brute-force Attack

Definition

Brute-force Attack

A brute-force attack is a cryptanalytic attack that systematically enumerates every candidate in a search space until the correct one is found.

Given a key space , the attacker tests each against the target (e.g. a ciphertext, a password hash, or an authentication oracle).
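As an added example that is not part of the original notes, the following Python script runs both strategies from the Offline Attack, Dictionary Attack and Brute-force Attack sections against a constructed leaked password list: a dictionary attack first, then brute force over a small alphabet only for entries the dictionary misses. The user names, salts, passwords and word list are constructed for the example, and SHA-256 stands in for a real password hash so that the script finishes in well under a second.

```python
import hashlib
import itertools
import string

# Constructed sample data for this example only. SHA-256 stands in for the stored
# password hash so that the demo runs quickly; a real system should use a slow,
# salted password hash (argon2id, scrypt, bcrypt), which is what makes offline
# guessing expensive.
ALPHABET = string.ascii_lowercase + string.digits
MAX_LEN = 3


def hash_password(salt: bytes, password: str) -> str:
    """Salted SHA-256 of the password (stand-in for a real password hash)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


# The "stolen password list": username -> (salt, stored hash). Constructed.
LEAKED = {
    "alice": (b"salt-a", hash_password(b"salt-a", "password123")),
    "bob":   (b"salt-b", hash_password(b"salt-b", "qwerty")),
    "carol": (b"salt-c", hash_password(b"salt-c", "zq7")),  # short, but not a dictionary word
}

# A tiny constructed dictionary; real lists hold millions of leaked passwords.
DICTIONARY = ["123456", "password", "qwerty", "letmein", "password123", "dragon"]


def dictionary_attack(salt: bytes, target: str, words):
    """Try only the candidates in `words`; returns (password, guesses) or (None, guesses)."""
    guesses = 0
    for word in words:
        guesses += 1
        if hash_password(salt, word) == target:
            return word, guesses
    return None, guesses


def brute_force(salt: bytes, target: str, alphabet: str, max_len: int):
    """Enumerate every string over `alphabet` up to `max_len`, shortest first."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if hash_password(salt, candidate) == target:
                return candidate, guesses
    return None, guesses


def search_space_size(alphabet_size: int, max_len: int) -> int:
    """Number of candidates brute force must cover in the worst case."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def crack_all(leaked, words, alphabet, max_len):
    """Offline attack: dictionary first, brute force only where the dictionary fails."""
    results = {}
    for user, (salt, stored) in leaked.items():
        password, guesses = dictionary_attack(salt, stored, words)
        strategy = "dictionary"
        if password is None:
            password, extra = brute_force(salt, stored, alphabet, max_len)
            guesses += extra
            strategy = "brute-force" if password is not None else None
        results[user] = (password, strategy, guesses)
    return results


if __name__ == "__main__":
    print("worst-case brute-force candidates:", search_space_size(len(ALPHABET), MAX_LEN))
    for user, (pw, how, n) in crack_all(LEAKED, DICTIONARY, ALPHABET, MAX_LEN).items():
        print(f"{user}: {pw!r} via {how} after {n} guesses")
```

The guess counters make the contrast concrete: the two predictable passwords fall within a handful of dictionary guesses, while the three-character random one needs tens of thousands of hash computations even over this small alphabet, and the worst case grows as the sum of alphabet_size^n over the allowed lengths. Because every salt is different, each user's hash has to be attacked separately; with an unsalted hash one computation per candidate would test all users at once.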
