InfoSec Quiz Question 4

Interesting question. I am not sure how to interpret the phrase “run against a captured password hash.”

If the question means “Which type of password attack makes use of extensive wordlists to hash and compare to a captured password hash?” then the best answer is: D. Dictionary

Explanation:

Answer C. Rainbow Tables:

To prepare for this attack, an attacker creates or copies a rainbow table. A rainbow table is created by calculating the hash of all passwords, but only storing a very small fraction of them. The rainbow table is organized so you can recreate all the passwords and hashes quickly (on the order of ten thousand hashing operations). The hashing operations during the attack are on information stored in the rainbow table, not from a wordlist. The inventor of the method gives an explanation here:
https://web.archive.org/web/20060602123958/https://www.isc2.org/cgi-bin/content.cgi?page=738

Answer D. Dictionary:

To crack a captured password hash, a dictionary attack uses a wordlist containing password guesses. During the dictionary attack, each password in the wordlist is hashed, then compared to the captured password hash to see if the hashes match.
 
Which type of password attack makes use of extensive wordlists to hash
and run against a captured password hash?

A. Character
B. Brute Force
C. Rainbow Tables
D. Dictionary
hm, that question, would even allow Brute Forcing acccept as correct, wenn the Password is stored as a Hash in the System:
Enter Passwort in the Login Field (from a Dictanory Word List), system Calculates Hash, compares it and if it has a Match, you are in.
I know, you mean Rainbow Table. But in theory brute Force does the same.
Also, A Dictonary is nothing else as an extended Wordlist (with More Explanation).



Michael