Helga is going to log on to her network. Her network does not employ traffic padding mechanisms. Why will it be easy for someone to steal her password?
A.
Because her password could be more than two weeks old
B.
Because of the predictability of the login length and password prompts
C.
Because the cleartext user name and password are not encrypted
D.
Because there is no provision for log analysis without traffic padding, thus no accountability when passwords are lost
Explanation:
By monitoring the size of the packets, it could be determined the password length. This makes brute force attacks easier to conduct, since you can eliminate passwords that are shorter or longer than the detected amount. Another issue on padding is timing. Suppose the successful password took longer to process, but the failed password gave a quick response. Using this timing, a hacker could determine whether a password would work just based on the response time of the login. If bad logons were padded out so they look the same elapsed time as a successful login, then this guessing and analysis could not be done.
Incorrect Answers:
1D0-470
A: Traffic padding would not protect a password based on the age of the password.
C: Passwords that are encrypted will still be the same length, because encryption is not compression. So it does not matter whether the password is in the clear or encrypted, the key here is to prevent guessing of the password length to make password guessing more difficult.
D: Log analysis is not related to traffic padding. The passwords would not even be logged, as that causes potential exposure of gaining access to the passwords, should the log file be compromised.