Shared Flashcard Set

Details

ITEC 4611 CH10
18
Computer Science
Undergraduate 4
03/30/2013


Cards

Term
Password Weakness
Definition
Linked to human memory
Term
Attacks on Passwords
Definition
Social engineering
capturing
resetting
online guessing
offline cracking
Term
Capturing
Definition
keylogger on a computer can capture the passwords that are entered on the keyboard
man-in-the-middle and replay attacks can be used
protocol can also be used
Term
offline cracking
Definition
method used by most password attacks today
decrypting a user's password
Term
Brute Force
Definition
offline cracking technique
every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched with those in the stolen file
slowest yet thorough method
Term
Character set
Definition
Brute force attack
this is the set of letters, symbols, and characters that make up the password.
Because not all systems accept the same character set for passwords, if characters can be eliminated from the character set, this will dramatically increase the attack's speed.
Term
Hybrid Attack
Definition
variation of the dictionary attack
attack will slightly alter dictionary words by adding numbers to the end of the password, spelling words backwards, slightly misspelling words, or including special characters such as @$! or %
Term
Rainbow Tables
Definition
make password attacks easier by creating large pregenerated data set of encrypted passwords
Term
Cracking the password using rainbow tables
Definition
creating table
that table is used to crack the password
compressed representation of plaintext passwords that are related and organized in a sequence called a chain
Term
Tokens
Definition
small device with a window display; the device and a corresponding authentication server share a unique algorithm, and the device generates a code from that algorithm once every 30-60 seconds
the code is not transmitted to the device, instead, both the device and the authentication server have the same algorithm and time setting
Term
CAC
Common Access Card
Definition
DOD smart card that is used for identification for active duty and reserve military personnel along with civilian employees and special contractors.

integrated circuit chip with bar code and magnetic strip, picture and printed information
Term
PIV
Personal Identity Verification
Definition
a standard that covers all government employees
Term
standard biometrics
Definition
Uses person’s unique physical characteristics for authentication
–Fingerprint scanners most common type
–Face, hand, or eye characteristics also used
Term
Behavioral biometrics
Definition
Authenticates by normal actions the user performs
–Keystroke dynamics
–Voice recognition
–Computer footprinting
Term
Keystroke Dynamics
Definition
attempt to recognize a user's unique typing rhythm
Term
Voice Recognition
Definition
authenticate by user's voice
Term
Computer footprinting
Definition
When and where a user normally does business or uses computers
Term
Account lockout Policy
Definition
Active Directory Domain Services security feature
prevents a logon after a set number of failed logon attempts within a specified period and can also specify the length of time that the lockout is in force; this helps prevent attackers from online guessing of user passwords