Understating asymmetric and symmetric key cryptography, hash functions, MITM attacks, Salts, Bruteforce attacks and more
Our cryptography playlist on youtube has covered most of this : https://www.youtube.com/playlist?list=PLf8bMP4RWebLVGpUnhji9Olkj1jdXfzFd
Well to data is the most important aspect for computer systems and networks. Not only to store this data but also to protect it so that it cannot be misused in any form is important part of study of computer and network systems.
Encoding is the method of changing data from one form to another. Encryption means encoding that data in such a way that only certain persons will have authorisation to access it. Well cryptography is the study of methods or techniques to make communication secure especially when third parties are present. Basically encryption is the method we use to secure communication or data while cryptography is it’s study ( some people gets confused between the two words : note carefully what I wrote , study of encryption is called cryptography).
We can divide cryptography in three types : symmetric cryptography , asymmetric cryptography and hash cryptography
Well cryptography is very important. Let’s to understand it by taking examples. Say there are three persons A,B and C. The guy C is a bad guy (the one who tries to steal information). A and B want to converse without letting C to know what they are conversing. Well this example should have been given in reference with computer systems rather than persons but that might have confused you.
Method 1 : Well say A and B develop locker which has a key (they make two copies of key and each one keeps one) which carries information between them. So in this way information flows between them. A locks some information (say a letter) and sends it to B , B unlocks the locker as he also has the key , reads the letter and writes a letter back and sends it locked in the locker. A receives the locker and unlocks it and it keeps going on. No one else has that key so C can’t do anything. This method is called symmetric cryptography system that is there is one key which only which operates that locker i.e only one key is used to lock as well as unlock the locker.
Now the problem is if A and B are such persons who live apart and can never meet how to decide about the key (assume that there are no calling systems and mailing via lockers is only possible). If they have to start the conversation first point is to have that key decided somehow. Let me explain you better. Well imagine that A is a computer (or say a server) , B is a server (or say another computer kept far away from A) , C is a computer or system which has such tools with it that it can study the data flowing between both A and B. Now both A and B know that if they can share a secret key to encypt and decrypt data (that key will be able to do both functions) then they can converse securely but the point is how to share such a key (infact first decide that key) as C is getting all their conversations (This is a typical type of MITM — Man in middle attack which we will discuss later). The answer to this question we will get in asymmetric cryptography .
Method 2 : Well one of the greatest invention in the field of networking is of asymmetric or public key cryptography . The main feature of this type of encryption is that there are two keys say X and Y , if you encrypt a message (or say lock it) with key X you can decode only with Y (not even with X which was used to lock ) and if your lock with Y then you can decrypt (or unlock) only with X. Well a lot can be discussed over it (mathematically but let’s skip that and focus on understanding concepts here, hopefully you will find its video on my youtube channel soon). Well so read the property again because that is the most important thing. Well now let’s come to A,B and C . Now what A will do is it will make two keys XA and YA ( it will call the key XA as private that is no one other than A will have that key and call the key YA as public that is anyone can have that key in fact A will spread the duplicates of YA everywhere means to all who want) and similarly B will have two keys XB and YB ( XB is private key of B and XB is his public key) . Now if a message is locked with XA (private key of A) then only YA can unlock it and if its locked with YA (public key of A ) only XA can unlock it . Same is with the keys of B. Read carefully the starting lines again in case you did not get things. The point is each person as two keys of his own , anything locked with one of those keys will get unlocked only by the other key ( one key he will share with all and the other one with none) .
Now if suppose B wants to write anything to A then all he has to do is write anything with the key YA (that is public key of A , the key which is publicly available to all) so that when as A receives it he decrypts the message with the key XA (private key which only A has) . Same is in case of B (anyone can write anything with his public key and send to him and he can decrypt it with his private key and read it). Well now the thing is C can’t do anything. He has public key of both ( yes he may converse with both of them in case they wan’t to talk to him) but he is not able to decrypt the conversation between them as he does not have private key of any of them.
This is the most important concept in marketing. For secure conversations between different systems it’s a must. Its backbone of a SSL which we will discuss later. One more important things if any encrypted document gets decrypted by public key of any person (say by public key of A) then that documents belongs to A(means it was written by private key of A) and he can’t deny that . This is the basic concept behind digital signatures. We will talk more about these topics while discussing MITM attack.
Well this is again one of most important concepts for data storage. Well hash function is a special function ( cryptographers work for years to create hashes and out of those so many hashes very less hashes are considered as the ones which would serve the purpose best and then after years of that acceptance the hash becomes a hash for users — if all goes okay with it). Well a hash will take any value of string (say of any length) and will give a unique output (which will have a fixed length).
Let’s understand all properties of it (ideal hash function).
1. The hash size is always fixed . That is suppose you have many different inputs and pass all of them via MD5 hash function the output of all those inputs will be a different but will have same size though (128 bit in case of md5)
2. Hash function is non reversible. suppose I convert sunny into md5 hash (which will be 533c5ba8368075db8f6ef201546bd71a ) it will not be reversible means from that hash value I can’t make it sunny again (though via brute forcing we will crack it easily but what I mean is reversing it using mathematical methods is not possible)
3. Hash results can’t collide. Means if I have two different inputs the output can’t be same. So if I treat say sunny and nehra which are two different strings with a hash function , that hash function will give results that will be different from each other (and it will apply for all strings).
4. If I change even one bit of the string from right or left entire hash should change. Well let me show you real examples I m taking md5 hash to check it (you can use any md5 hash online converter to check) : md5 hash encryption for sunnynehra is ef49f5d5f6e48e5da7f7783dc055953e , md5 hash encryption for sunny nehra is 01ed3704d85abd7d6a49267b438ba5cf , for sunnynahra is e16c33bb721338cf13d596dccbd1e920 , for sunnynehrb is a4a0ae9624ce701074ba2526beeeb23f , for runnynehra is f842b01c519c93a305ab2324dc9fd308 . See carefully just one change changes it so much . Basically this hashes are created in such way so that hackers may not be able to detect passwords via applying different passwords and analysing the change that is coming.
Note : No hash can ever be an ideal hash ! Think ones the size length is fixed while the input size is not. So the number of possible outputs is fixed while the number of possible inputs is infinite. Understand it now like this say there is a situation where possible inputs are 10 and possible outputs are 2 (i mean take any condition of outputs < inputs) and each input has to give some output can it be possible that we make an arrangement that no same inputs have same output ? Really possible ? No ( of course multiple inputs will link to sam output) ! So see all the conditions of hashes ! They can not be ideal. It’s just that unless we are able to find some collision we keep calling them ideal.
Well to store our data it was really needed a lot. We can’t use hash function for communication as its non reversible that is if you encrypt data using hash function and send to someone he will get encrypted form and will have no way to crack it ( leave aside brute force and related techniques). So the use of hash is mainly done for storing data in servers. Suppose I have a website that asks for login details there , when a customer signs up , his credentials (mainly password , some very rare websites encrypt username also yes it’s even increases the security but causing some problems like in the case you have to display the username in your website etc so websites avoid it also it decreases the speed relatively) will be stored in database as encrypted so that even my workers who have access to database can’t see the passwords of persons (as they are in encrypted form) . So now the password of that customer is stored as encrypted (via hash function) in database and when he will login to his account he will enter the password (he will enter his real password) which will pass through the hash function and will generate a hash will will be matched with the hash stored in database.
Understand it like that : suppose I sign up on any account that is using md5 hash . I enter all my details there to create an account. While creating account I give my information like this username :sunnynehra , password : hackandsecurity . the md5 value of hacksandsecurity is f5d4e9dfda969ba71aa7599f46e1bba3 , so in database of that website my password will be stored as f5d4e9dfda969ba71aa7599f46e1bba3. So whenever I will go for login I will enter hackandsecurity as my password which will be converted to f5d4e9dfda969ba71aa7599f46e1bba3 by md5 hash function and will be checked against the value stored in database and if both value match I will be allowed to get access of my account.
So even if a hacker hacks the database of that website my password will be quite safe .
** Please note that MD5 isn’t a good choice considering today’s scenario. I m using it in examples just because its most widely used hash, if you thinking to use a good hash for your website go for bcrypt and PBKDF2 . We will talk more about it after discussing brute force but remember don’t use MD5 though while experimenting and learning prefer MD5 hash (testing encryption hash cracking) in starting. **
Well so our data is totally safe if it’s hashed ? How to choose a good hash function ? Well all these answers you will get after reading about brute force and dictionary attacks.
Brute force and dictionary attacks : Basically you all must have come across tools like THC hydra, rainbow crack , cain and abel, orphcrack, aircrack-ng etc Well even if you have not these tools are used to hit many passwords in a very less time. Brute forcing is technique of trying many passwords continuously with the hope to get the right one. The cracker will enter passwords systematically and will try all the possible combinations that could be possible (unless the right password is found) . Most of times people use it for wifi cracking. You can make your own programs to conduct brute force attacks (in fact simple commands will serve you purpose) or can use tools (there are so many tools for that). How brute force will crack the passwords ?
Well let’s come to practical life first. In practical life most websites you will face will have login limit attempts ( in some cases u can develop methods mostly making some scripts to bypass such things ) so you can’t do such attacks. What happens is via SQl injections or by getting shell access (in practical life most of times you will see that database backups gets hacked) hackers get databases of these websites. Databases are usually encrypted but it’s not much harder to detect the kind of encryption used (even many online websites will tell that). It’s not possible to decrypt them but hackers can use same encryption algorithms and do brute force attacks.
**Well if some of you thinking to make his own hash please don’t think that. I repeat please don’t. Yes , even If you think you have done a cryptography course stop here , don’t. Until and unless you have read well about how much cryptographers worked to create these hashes which we used and even after years they are not sure if its reliable or not. If you are person who has done study in this field for a very long time and experimented on the hash you created for a very long time and tried all possible that could be done to check that hash , only then you should use that hash. **
Well as I was saying above let’s think that I have got database of a website that has many passwords all encrypted with MD5 hash. See how brute force works . All we have to do is write a program to execute all possible combinations (obviously it can’t be all as it will be infinite I mean within limits). Well say first you run a program that commands your computer to make all possible combinations (take first for 7 letters ) from “aaaaaaa” to “zzzzzzz” and then passes those combinations through MD5 hash function and than matches them ( u can easily create them or best is to use hashcat in kali linux or u can use hashcat in windows — all this actually need a video tut I know but still I m trying to explain as good as I can ). Well you will note that all these attempts would be done so fast. Actually the problem with MD5 hash is the speed of hashing. An average computer (with a normal 1GB GPU) can do nearly a billion per second … shocked ? well it’s the problem with MD5 hash. Try making different combinations and think ones how much time it will take to crack the passwords (the example I gave in that total no. of combinations would be 26⁷ , hope you got that simple mathematics) . The time taken in this case would be nearly 9 seconds. So basically from that database all the people having 7 digits passwords with all letters as lower are completely insecure (in fact most are insecure except those using large passwords or good passwords).
**well I will advice you to use hashcat. You can get third party graphical interfaces (looking like proper softwares with tabs and all features made so that instead of running commands you can just use the feature of that software and do the same thing) but I will always recommend using command based interfaces the reason being command based interfaces use less power , are more flexible and their requirement is too less so go for hashcat . all you have to do is enter some commands and your work will be done , for eg for the above example all I will do it
./hashcat64.bin
Note carefully : in above example all I have done is given command to execute all possible combinations from aaaaaaa to zzzzzzz ( m stands for hash type which I choose here as
-m 0: we set the hash type to MD5 (value of m decides the hash type, m value 0 is md5)
-a 3: set the attack mode to mask attack i.e. (value of a decides attack mode
, a value 3 is bruteforce)
File.txt is the file where function is to be performed (having passwords to be
cracked)
?l?l?l?l?l?l?l: the mask is a 7 character long string of the built-in charset ?l
(“l” stands for lower case characters)
For charset “l” stands for small case letters, “u”” stands capital letters, “s” stands for special characters, “d” stands for numbers that is 0,1,2,….9 , “a” means all i.e. numbers, small letters , capital letters and special characters. When is use ?l I mean all the possibilities of l . similarly with others. Now read the above command carefully. Few examples to clear you things (keyspace tells password range means from here to there) :
command: -a 3 ?l?l?l?l?l?l?l
keyspace: aaaaaaa — zzzzzzz
command: -a 3 password?d
keyspace: password0 — password9
command: -a 3 ?a?a?a?a?a?a?a
keyspace: all possible combinations from keyboard of 7 digits
If you are not getting commands etc well it’s ok (I m myself trying to avoid such things which must be done by giving live examples in video) . You will most probably get video tuts of all these things in my youtube channel to clear out things.
And the thing is in real life bruteforce is rarely used (most of times its used to check if someone’s password is a phone number). Well the fact is that crackers mostly use ready made dictionaries . These dictionaries can be of many types : containing all dictionary words , containing common passwords ( when databases gets leaked hackers make dictionaries out of the passwords that got cracked and combine with other such dictionaries ) etc. Using such dictionaries instead of commands or programs which tried to input sequential combinations for massive passwords attack is called dictionary attack. You can find many dictionaries on internet which are good for dictionary attacks.
Choosing a good password : Well never use a dictionary word for obvious reasons. Try not to use same password on different websites . The main reason being if you get habit of this you will enter the same password everywhere , even if some malicious website come across you will enter same password there also (its human mentality and social engineers take advantage of this mentality ) and will get ditched . Actually it’s a new type of attack that social engineers do , they will create bots on social networks who will promote some adult sites (generally these are fake account of girls claiming to be part of live cam sites) and they will give you a malicious website (which won’t have its password as encrypted) and you will enter your usual password to create a new account and your all accounts of all websites are compromised. Best way is to make a method . Just like if you have habit of using hacksandsecurity as password when you create account on facebook make it like hacksfandbsecuirty , while making account on amazon make it like hacksaandnsecurity , I mean don’t do exactly what I m saying but I mean make a sequence that you can remember so that from the website name itself you can guess what it’s password will be. Well best habit is using special characters like # , @, & etc because the more unusual you make it and the more you include different categories from the keyboard the more its cracking chances decrease . Try long passwords. Short passwords are easier to crack. Best is use a password of around 10 to 12 digits having both upper and lower cases , having number(s) (at least 1) , having special character(s) and somewhat unusual. Eg. Change of Hacksandsecurity for my facebook would be H@<ksf&bSe<u*itY ( just an example) . Well instead of hacksandsecurity I would have preferred some unusual word (telling frankly I choose Haryanvi words and change them in an unusual manner with symbols different digits and still easy to remember). Choosing a long password is good idea but while logging in you may not enjoy long passwords. If you choose long passwords never combine dictionary words for example if you choose a password like Imacertifiedhacker well its good hard to crack but sometimes crackers make programmes which combine dictionary words and use them (sometimes get list of various phrases or common sentences). The more unusual and different from usual passwords and patterns you go the better it is.
Well in real life what crackers do is they make dictionaries having precomputed hashes means suppose I have a dictionary which I have to use for an attack say it has all English characters and common passwords what I will do it I will convert all it’s password list (say strings in computer language) into hashes and use these hashes for attack . for eg say I have a dictionary having common passwords say hacksandsecurity ,sunnynehra, cybergods, lizardsquad, onlinedeals, H@<ksf&bSe<u*itY, 1337theleetgood, n00b420 etc (there are many such words in dictonary) so converting them by passing them through MD5 hash function I will get a new list which has md5 hash of all these passwords like d30a9fa6d6cdc8bb29b38b250c716a84 (md5 hash of hacksandsecurity), ef49f5d5f6e48e5da7f7783dc055953e , 481cb8518b6c5a7e873092d20b585be4 , 87056c3dbeac88338410a23acaf84e83 and so on (so basically all the passwords in the dictionary we have will be converted to their hash forms and stored in a new document which hash hash of all of them ) . That new document will have hash along with the passwords written before it . So it will look like this
Md5 Hash original string
d30a9fa6d6cdc8bb29b38b250c716a84 hacksandsecurity
ef49f5d5f6e48e5da7f7783dc055953e sunnynehra
481cb8518b6c5a7e873092d20b585be4 cybergods
…………. Ans so on .
So basically in order now we have a new file. Why did we make this file ? Well when we do password attacks (dictionary attack here) we need as much as speed as possible so that hits or try per second are as many as possible. The data base we have contains hashes (of passwords) and so as we also converted out dictionary to hashes to avoid time taking while hashing them during the attack.
Earlier (when we had normal dictionary)
Dictionary words →
Hash function (this process will take some time)
→ compare with the hash of the password file (which we got from database)
Now (when we have precomputed hash dictionary)
Hash
→ compare with the hash in password file (which we got from database)
Some hashes like MD5 are fast but some are slow so it becomes a compulsion in their cases to have a dictionary of hashes made by passing dictionaries via them. Well understand it like this. Suppose there is a hash which is quite slow so when I will use an attack that first converts into hash and then checks the list of hashes (which we got from database and which are to be cracked) and may reduce even 1/10thor 1/100thor 1/1000th of the speed when we use directly hashes to check the hash list (reduction is speed depends upon the speed of hash).
Also note that the when in brute force we pass a hash to be checked (or convert a password to hash and then send it) that hash is compared with entire file (that we got from database) . While in case of wifi networks when u have to crack a wifi all the passwords are tried and checked for suitable result. So the if you thinking to develop an algorithm for both it will vary a lot (as in one case its comparing a string to an entire file while in the other case it’s like comparing a string to another string ) . You may not have got my point. Well don’t worry these are practical things and we will discuss it later via video tuts.
Salt : Well simply speaking , salt is an additional input to to your hashing function.
Well there are two methods : same salt for all passwords and different salt for all passwords. Lets try to understand it.
Say I created a sign up page on my website that asks for user credentials. The entry of the password field will combine with a salt and then get encrypted and stored in database. Suppose you entered the password while sign up as sunnynehra (also say username u enter is user 1) . The salt is secure. So now :
If you have not got my point the string(sunnynehra) will become : sunnynehrasecure ( “+” sign was to make you explain that they are combining obviously “sunnynehra+secure” will be completely
Now as I already told it could be also possible that I create a system that each password gets a different salt (usually random values are assigned).
In that case condition will be something like this :
Well one more important thing is when we use such system in which all passwords get different salt there even persons having same password will have different hashes stored in database. For eg.
different because one digit can change everything in a hash and in fact if you want to create function that will work adding that + sign also while encrypting that is also fine , it will be equivalent to having a salt value “+secure” , hope you got what I mean) , after passing combining with salt and md5 encryption of sunnynehra secure is 917845cc12352b22bbbbeec8cec99e9e which will be stored in database server.
Suppose if there are two users : user1 with password sunnynehra and user2 with password hacksandsecurity. Then it will be like this :
Though users have same password (sunnynehra) we can see that hashed value is different.
Now let’s talk ones why do we even need salting of passwords. Well we talked before that there are precomputed dictionaries of common passwords and English words etc. Salting in a way will provide us protection against those dictionaries as even if someone chooses a password which is dictionary word the salt will get added to his password to make a new hash which wont be hash of any dictionary word. Also if someone uses small passwords it adds protection.
When we use same salt for all passwords we can note that if a cracker somehow cracks one password he will easily crack passwords of all persons having same password (all he has to do is search for the same hash) . Also he may even guess our salt from the password of person and ones he gets the salt he will make a program which adds that salt to the dictionary words (or common password list which he would be having) and launch a brute force attack.
So in a way using different salt for each password is a better option. It gives more security. IF you are using a formula to generate salt you must keep that safe (though mostly random function is used). Well before I discuss it further let me first explain you the reality of brute force attacks.
** some of you might be confused with the fact that whether encryption is done on the end of server or the client , means whether the data get encrypted at the browser end itself or it gets encrypted when it reaches server . Well the fact is server end encryption and client end encryption both are possible infact you can also encrypt on both ends. We will discuss more on it during after completing some more basics **
Brute force security (reality) :
Well so we will talk about websites security here. Suppose I m to make a website that has login system. First of all we know that crackers can do brute force attacks on our websites and so the accounts of our clients may not be safe. So what should I do to make my website secure from brute force (or dictionary attacks) . Well the basic idea that may come in your minds is to lock the accounts for which we are getting multiple accounts. Well will that work ? Suppose a group of crackers and me are two opponents (they are s hackers are different levels and I have to protect my website and I have good understanding of how hackers really work). I have made a system to lock accounts in case its getting many invalid login attempts. How will the crackers respond to my act ?
Well the crackers may actually mock it. They will understand a simple thing that its easy to blocks someone’s account on my website. And yeah that actually happens in real life. Earlier people used to do it with facebook accounts. To block someone’s account (that would need a lot verification to open ) all they would do is do a brute force attacks with his username or email and randoms passwords. Other than it, it creates one more huge problem for me that it’s easier for them to detect the usernames now because my website will block only those usernames which are valid (obviously a username that doesn’t even exist ,it won’t be blocked) . If you have not got me take it like this. My website blocks your account if 10 passwords are wrongly entered against your username. Well what crackers will do is they will new scripts or programs , the function of program will be to check if 11th attempt exist against a given username and they will convert this program into brute force attack. Basically they will filter out all the usernames for which the 11th attempt did not exist (that is they got blocked). In the field of hacking somewhere or the other it may cause me harm (in fact they may guess even the admin password from that list of usernames they made) . Also important point is the brute force attack hackers do in real life isn’t the way what people usually think. What most hackers do is same password for different usernames. They will get a list of common passwords (“password”, “1234567890” , “trustno1” etc) and use those passwords against all usernames . So basically one password is checked against all possibility of usernames (and one by one these passwords are changed ) . Well by this method they could easily get the accounts of persons who could be using such commons passwords (infact many do and hackers are well experienced , they compare different available dictionaries , make list of those passwords which many persons use) . So locking account was not a good idea at all.
What if I rather lock down the IP address ? Let’s try this to. Well it could be done many ways. Suppose I lock an IP address that is trying different passwords for an account. Basically what I did is I made a system that will look for those accounts for which different passwords are being entered. Well first of all I already told u a fact that what hackers do is they do it in opposite way “one password” for all possible usernames. Well other factor is that the world doesn’t lack open proxies or in other words I mean to say is it’s very easy to change IP address and make such a program which will keep changing the IP address after certain hits and keep going on like that. Well the other way I could do the IP locking is by locking the IP address which is using many attempts (with same or different accounts doesn’t matter). This method of locking IP is slightly better than the method above but still could not over come the IP change factor. Well it can reduce the lower level hackers. One more important fact is that the hackers who have a good level they have “bots” means they keep turning several computer systems in “bots” and use those computers for massive attacks (we will discuss about this term later , during the ddos attacks) . So basically what hackers may do from these computers. I as a website developer will note that these computers belong to public who are not hackers and blocking IP may cause rather loss to me. Well blocking IP address is not a good idea as per me.
Well so what should I do to protect my website from these attackers. Well being frank I as developer may even play with them using some basic techniques. I know that what website mainly do is they return “HTTP 401 error” code when login attempt well what I could do as a better option is when the login attempt fails the website will return “HHTP 200 success” code but will redirect to a page that will display “invalid username or password”. Well the reason behind doing is it will avoid low level hackers to a lot extent. They mostly use softwares to do such attacks and such softwares will count it as success as that code it returned and it will rather confuse the low level hackers. As the combination of username and password provided to them by their software will not be valid. Infact this is just a very small example I gave you. You can vary all the usual things like that. The more you vary the more good it is. Yes I know good hackers will study your website well and make their own codes to do things. Well let’s move further what could be even better. Say I implement captcha to stop these attacks. Captcha is basically an image that can be understood by humans but not by computers or automated systems (well I mean its meant to be) .Well it’s a nice idea. Best option is use such captcha which are simple to answer for customers. Some captcha are ask use to fill digits shown in picture while some ask us to select the photo of tree from many photos. Suppose there are 8 photos and only one of them has tree so the chances are 1/8th for an automated system to answer it (considering that after making one attempt of that answer on captcha all the pics get changed I mean a new question of captcha appears). Well you can try many different captcha providing sites and check the best captcha you like (it should be friendly to your customers or they may get irritated).
Well another important thing is slowing down that particular IP which is using massive attacks. What I mean is if you find that from same IP 3 different attacks have been made just simply make it little slower ( even captcha serve the same part but you can use your own methods also). Infact slow down the time between two attempts. 2 attempts in a time of 1 second is note possible by a user (in fact in bruteforce the time is very much less between two attempts) . So it has to be designed such that 2 attempts should have a particular gap say at least 2 seconds. Well you can do better ideas (it all depends upon the type of website you are running and what kind of attackers attack you). If 2 attempts fail together (and both were made in a time period less than 1 sec) all the next attempts should be followed by advertisements (create advertisements of 10 seconds or 5 seconds of your products and ones you detect that any two attempts were automated , a video add of say 5 seconds will be displayed there — in place of captcha it’s a better option according to me and if you want more safety because you think hacker will make a program to enter passwords at gap of 5 seconds which I know he won’t but still u think you can ask a question at end of video , that is what was the add about) that will help you promote your products also.
Well you can combine above methods to make a solution to stop brute force attack. Well regarding IP change , yes it’s a problem (you can block mac address also , I know softwares like Tmac can change that also) but changing it frequently consumes bit of time of the attacker (in fact the program written by him gets slower if it includes IP changing ) and the backbone of brute force attacks is the speed. Regarding blocking I was thinking it to discuss on it during the payment systems (gateways). Well also remember in the case you have account blocking applied to your website you should also have added the function of mailing user and texting him link to unblock his account (send it the same time its blocked). Well in real life it’s not much harder to avoid brute force attacks and you can minimise it to a lot extent (you can’t reduce it to 0 anyhow) but if you minimise it well hackers will get pissed off from your website and move to another one.
Regarding using salt , well I already told you the drawback of having same salt for all passwords. The idea of having different salts always seemed nice. Yes if our passwords are protected by salting (that too different salts with all passwords) we are quite much secure to brute force attacks . The main problem is of storing this salt especially in the case we use different salts with different passwords. Well when the person will login in the website there should be some system to check the password is correct or not and the system can be only one that is his password combines with the same salt which was assigned to his password and then the hash of this combination will be checked with the password hash stored in database against this user. Well for this these salts should be stored . A website usually has many users. So these salts will have to be stored in database along with the password hashes. Well still you should try to store them as much as secure as possible. In the case the database of website gets hacked somehow the hacker will gain access to salts and the hashes . I know it will be still very hard for him. First of all the salts used in real life are actually generated by very complex random functions and are a lot complex themselves. Second thing he will note that all the hashes have different salts. So it will be very long task for him. First he will take a single hash password , combine its salt with all the dictionary words he have (which will be a lot usually in millions) and then encrypt it (some encryptions are quite slower) and thus all values generated now will be checked against that password simultaneously . So with same encryption he can’t try to crack multiple passwords at same time (all passwords were treated with different salt values) so parallel attacks are not possible. Well it’s very time consuming and hard work now. This is the main safety feature of using salt. Not only they protect us from dictionary attacks (of hashes of common passwords) they also protect us even to much extent when database gets leaked out.
Well some more things could be discussed in this topic of salt but I avoided them for time being especially tables (its nothing much different just the dictionaries of hashes we made , for its good understanding we rather need good slides or video tuts). Before moving further to some hacking methods let’s better discuss about a term called social engineering because it’s the backbone of hacking.
Originally published at https://hacksandsecurity.org.
