How does password cracking differ from a password attack in terms of data handling?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

How does password cracking differ from a password attack in terms of data handling?

Explanation:
The main idea is that password cracking happens offline, while a password attack against a live system involves online attempts. When cracking, an attacker typically has a dump of hashed passwords from a breach and works on those hashes locally, outside of the target system. The goal is to recover plaintext passwords without interacting with the actual login process. In contrast, a password attack against a live login sends guesses to the authentication service and tests whether they grant access. This means handling real-time authentication data and dealing with responses from the system, including potential lockouts or detection. So, the data handling difference is offline hash processing versus online credential submission to the live login.
