Task 2
When was the first password introduced?
1961
The result of a hash function is a string in which we can clearly see the original password. yay/nay
nay
A hash function is a _____ function.
one-way
What form of authentication is password-based authentication?
what you know
For which setting is a password guessing attack more dangerous, online or offline?
offline
Task 3
Which social media company suffered a breach of 42,000,000 passwords in the year 2020?
TikTok
Do people re-use their passwords? Yay/nay
yay
A function f(x) = 4^x requires _____ the amount of work to go from 4^x to 4^(x+1)
quadruple
How many words are there in the Dutch dictionary? (a comma is not needed in the answer)
400000
How many characters must such a password have at least, such that a brute-force guessing attack takes > 2^80 guesses in expectation? I.e. what number, when multiplied by the number of elements in the character set, yields an answer that is bigger than 2^80
14
A hash function is basically an encryption function? yay/nay
nay
In which year was the hashing function MD5 officially deprecated and by whom? format is year-name
2011-NIST
You learned that a website that you use simply stores passwords in plaintext. Are they adhering to good security practices in that case? yay/nay
nay
The password ‘ababababababab’ is an example of a password that is chosen uniformly at random. yay/nay
nay
Task 4
When trying all possible combinations of letters, numbers and special characters, what kind of attack are we performing?
brute-force
John Doe is the CEO of O-Corp which was established in 1992. Guess John’s work email password.
John1992
What are Rainbow tables particularly effective against?
large number of passwords
Task 5
A salt ensures that the same password results in different hash values for different users. yay/nay
yay
Hashing a password (with no salt) ensures that the same password results in different hash values for different users. yay/nay
nay
A password that is made of 8 characters from [a-zA-Z] needs ___ of storage to crack almost instantly. (Format is: wholeNumber xbyte, i.e. 7 petabytes) (Hint: type numberOfCharactersInSet^numberOfCharacters * 8bytes into Google and round the answer to the nearest number) (Treat 1 kilobyte as 1000 bytes)
428 terabytes
When using the time-space trade-offs in attacks against password hashing, the overall complexity (storage + speed) of the attack is the ___
same
A salt can either be prepended or ___ to the password.
appended
Using a longer value for the salt is better than a short one. yay/nay
yay
What types of hashing algorithms could be used to slow down brute-forcing attacks?
specialized hashing algorithms
Task 6
All hashing algorithms are cracked at the same speed. yay/nay
nay
Which hashing algorithm (of the ones introduced in this section) is the newest?
Argon2
A key separation function is the same as a key stretching function. yay/nay
nay
What does the parameter c represent in the aforementioned algorithms?
cost
Crypto _____ with age.
ripens
The hashing functions introduced in this section are widely used by companies. yay/nay
nay
Which hashing algorithm won the Password Hashing Competition?
Argon2
Task 7
Storing passwords in plaintext is fine. yay/nay
nay
Two-factor authentication is likely to be a security improvement. yay/nay
yay
