MidTerm-Quiz103

Review the Winhex Bitshifting demonstration in the textbook

I dont know. T'was bolded

True or False: Steganography is a data hiding method

True.

If you encrypt a plaintext file with PGP and insert the encrypted text into a
steganography file...
cracking the encrypted message is extremelly difficult

How do you decode an encrypted file?

Using a password or passphrase.

...yep. Thats it

What technology do many encryption programs use?

Key escrow.

What is key escrow?

It is designed to recover encrypted data if users forget their password or if the user
key is corrupted after a system failure

True or False: Password-cracking tools are available for handling password-

protected data or systems. Some of these are integrated into digital forensics
tools?
True. E.g. OSForensics

List some standalone password-cracking tools

last bit
accessData PRTK
ophcrack
John the Ripper
Passware

What is a brute force attack?

In a brute-force attack, an attacker simply tries to guess every possible
combination for a password. Automated cracking tools are available that can
speed up this process.

requires converting a dictionary password from plaintext to a hash value

What is a dictionary attack?

A dictionary attack tries using every word in a word list (similar to a dictionary) as a
password, until a successful match is found.
Most use a variety of languages

What is a rainbow table?

A file containing the hash values for every possible password that can be
generated from a computer's keyboard

What does salting a password do?

Alters hash values and makes cracking passwords more difficult

Take this time to review the Summary Slides for Lecture 11_1
Did you do it?

Why do we care about passwords? (3 reasons)

Passwords Tell a lot about people

People reuse passwords (if you find one you can probably figure out others
quickly)

Passwords can be incriminating

Why do we care about password history?

History determines how people make their passwords
Password policies do not transition well
Accounts remain breached over time

What is CUPP
A password list
Common User Password Profiler

What does CUPP do?

Generates potential passwords based on user provided information. (For more
information see Slide 15 of lecture 11.2)

Finding passwords could involve...

HKEY_LOCAL_MACHINE\SAM
Finding stored hashes
MAC OS stores passwords in the Keychain
/etc/shadow for linux
/etc/passwd for oldschool unix

Some OS's ___________ blank their passwords. It depends on the operating

system.
Salt

If someone has John the Ripper or OphCrack on their computer they are
immediately suspicious...why?
The programs are brute force password crackers.
What are some non-OS locations for passwords?
Browser keychains
Password managers
Hard coded in
OS Applications
Websites
APIs
Textfiles
Paper
Under keyboards, monitors, other physical locations

It is important to be aware of password policies because...

Lockouts might occur

True or False: Brute force attempts should be logged.

True: Some options are Windows event viewer
IDS
IPS
ssh: Fail2Ban, Deny
online: ionCube24, ISP GoDaddy tools

True or False: Passwords are not identifiable

False. They are

What happens if you dont randomize password lists?

You may be able to identify what list the password came from.

Okay. So the 11.2 Slides had NO bolded content. So I just browsed and found
things that were interesting or looked important. I recommend scanning the 11.2
Slides
Read the other side

True or False: Linux and MAC file systems are considered to be an extension of FAT
file systems
False