Try Hack Me: Password Security Write-Up
This write-up is for the Password Security room created by Abdulmalek97 and lich7 on the TryHackMe platform. The room teaches users about password security and password hashing, along with some attack and defense methods. Without further ado, let's start.
Link to TryHackMe Password Security room: https://tryhackme.com/room/passwordsecurity
Task 2 Introduction
When was the first password introduced?
Ans: 1961
The result of a hash function is a string in which we can see the original password.
Ans: nay
A hash function is a _____ function.
Ans: one-way
What form of authentication is password-based authentication?
Ans: what you know
For which setting is a password guessing attack more dangerous, online or offline?
Ans: offline
Task 3 Importance of Good Password
Which social media company suffered a breach of 42,000,000 passwords in the year 2020?
Ans: TikTok
Do people re-use their passwords?
Ans: yay
A function f(x) = 4^x requires _____ the amount of work to go from 4^x to 4^(x+1)?
Ans: quadruple
How many words are there in the Dutch dictionary?
Ans: 40000
How many characters must such a password at least have such that brute-force guessing attacks take > 2⁸⁰ guesses in expectation?
Ans: 14
A hash function is basically an encryption function?
Ans: nay
You learn that a website that you use simply stores passwords in plaintext. Are they adhering to good security practices in that case?
Ans: nay
The password ‘ababababababab’ is an example of a password is chosen uniformly at random?
Ans: nay
Task 4 Password Attack
When trying all possible combinations of letters, numbers, and special characters, what kind of attack are we performing?
Ans: brute-force
John-Doe is the CEO of O-Corp which is established in 1992. Guess John’s work email password?
Ans: John1992
What are Rainbow tables particularly effective against?
Ans: Large number of passwords
Task 5 Password Storage and Defense Mechanism
A salt ensures that the same password results in different hash values for different users.
Ans: yay
Hashing a password (with no salt) ensures that the same password results in different hash values for different users.
Ans: nay
A password that is made up of 8 characters from [a-zA-Z] needs _____ of storage to crack almost instantly.
Ans: 428 terabyte
When using time-space trade-offs in attacks against password hashing, the overall complexity (storage + speed) of attacks is the ____.
Ans: same
A salt can either be prepended or ____ to the password.
Ans: appended
Using a longer value for salt is better than a short one.
Ans: yay
What types of hashing algorithms could be used to slow down brute-force attacks?
Ans: specialized hashing algorithm
Task 6 Different Hashes Have Different Cracking Speeds
All hashing algorithms are cracked at the same speed.
Ans: nay
Which hashing algorithm (of the ones introduced in this section) is the newest?
Ans: Argon2
A key separation function is the same as a key stretching function.
Ans: nay
What does parameter c represent in the aforementioned algorithms?
Ans: cost
Crypto _____ with age.
Ans: ripen
The hashing functions introduced in this section are widely used by companies.
Ans: nay
Which hashing algorithm won the Password Hashing Competition?
Ans: Argon2
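As an added example (not code from the room or from this write-up), the Python below ties together the Task 5 and Task 6 points: a random per-user salt makes the same password produce different stored hashes, and the PBKDF2 iteration count plays the role of the cost parameter c that slows every guess. The password, salt length and costs are constructed values; PBKDF2-HMAC from the standard library stands in for the room's specialized algorithms because it runs without extra packages.

```python
import hashlib
import hmac
import os
import time

# Constructed demo: two users happen to choose the same password.
PASSWORD = b"correct horse battery staple"

def unsalted_hash(password: bytes) -> str:
    """Plain SHA-256: identical passwords give identical digests for every user."""
    return hashlib.sha256(password).hexdigest()

def salted_hash(password: bytes, salt: bytes, cost: int) -> str:
    """PBKDF2-HMAC-SHA256; `cost` is the iteration count (the room's parameter c).
    The salt is not secret: it is stored beside the hash."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, cost).hex()

def register(password: bytes, cost: int = 100_000) -> dict:
    """Build a stored record: random 16-byte salt, the cost used, and the derived hash."""
    salt = os.urandom(16)  # assumption: 16 random bytes is the salt size for this demo
    return {"salt": salt.hex(), "cost": cost, "hash": salted_hash(password, salt, cost)}

def verify(record: dict, candidate: bytes) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    expected = salted_hash(candidate, bytes.fromhex(record["salt"]), record["cost"])
    return hmac.compare_digest(expected, record["hash"])

def time_guess(record: dict, candidate: bytes) -> float:
    """Seconds spent checking one guess: a higher cost makes offline guessing slower."""
    start = time.perf_counter()
    verify(record, candidate)
    return time.perf_counter() - start

if __name__ == "__main__":
    alice = register(PASSWORD)
    bob = register(PASSWORD)
    print("unsalted hashes equal:", unsalted_hash(PASSWORD) == unsalted_hash(PASSWORD))
    print("salted hashes equal:  ", alice["hash"] == bob["hash"])
    print("alice verifies:       ", verify(alice, PASSWORD))
    low = register(PASSWORD, cost=1_000)
    high = register(PASSWORD, cost=200_000)
    print(f"one guess at c=1k: {time_guess(low, b'guess'):.4f}s, "
          f"at c=200k: {time_guess(high, b'guess'):.4f}s")
```

The salted hashes differ while both records still verify the same password, and the timing line shows why raising c hurts an offline attacker far more than a user who logs in once.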
Task 7 Advice
Storing passwords in plaintext is fine.
Ans: nay
Two-factor authentication is likely to be a security improvement.
Ans: yay
Thank you for reading this write-up. Thanks also to the creators of this room for making it so that users can learn about passwords.
Any improvements and comments are welcomed.
I will do write-ups on future or past rooms. Might need some help xD