What method of attack is best suited to crack these passwords in the shortest amount of time?

Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn’s physical and logical security measures including biometrics, passwords, and permissions. The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn’s servers using Pwdump6 and are going to try and crack the network passwords. What method of attack is best suited to crack these passwords in the shortest amount of time?

Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn’s physical and logical security measures including biometrics, passwords, and permissions. The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn’s servers using Pwdump6 and are going to try and crack the network passwords. What method of attack is best suited to crack these passwords in the shortest amount of time?

A.
Brute force attack

B.
Birthday attack

C.
Dictionary attack

D.
Brute service attack

Show Hint

Leave a Reply 6

Your email address will not be published. Required fields are marked *

DJ

DJ

There is no way this is right. It says “in the shortest amount of time.” None of the answers appear right. A Brute Force would take FOREVERRRR.

Reply

Oh

Oh

Yeah I think something is definitely up with this question cause brute force cannot be right. seriously.

Reply

mr_tienvu

mr_tienvu

Birthday attack & Dictionary attack couldn’t use when all Hawthorn employees use a random password generator for their network passwords.

I think Brute force attack is the only solution in this situation althrough it is not good.

Reply

bitwit

bitwit

sometimes the brute force attack IS the fastest method

Reply

eddie guerrero

eddie guerrero

Assuming that all employees ARE really compliant, and aren’t using anything in a dictionary, then brute force is the fastest way that will eventually work, one day. lol If you do dictionary and no passwords are found, then it failed, while a brute force will eventually get it, when your grandchildren are 100 years of age.

Reply

Mario Rossi

Mario Rossi

why don’t brute service? a large numbers of precalculated hash are better…
ok ok. I found the answer while writing. You have to win the race, not to try to win. If only one password is not in the pre-calculated block you have failed.

Reply