Which attack derives a new alphabet from 2- and 3-character syllables of password entries and matches it to the password database?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which attack derives a new alphabet from 2- and 3-character syllables of password entries and matches it to the password database?

Explanation:

This approach relies on building a probabilistic model of how passwords are formed. By analyzing a corpus of actual password entries, you extract frequent 2- and 3-character chunks (syllables) and use them to create a new alphabet with transition probabilities between chunks. This Markov chain then scores possible password sequences: sequences that follow the common patterns seen in the training data get higher probability. You generate guesses in order of those probabilities and test them against the password database, so the most likely candidates are tried first, increasing the chance of a quick match.

This is distinct from credential-harvesting tools that listen for passwords on a network or Kerberos-focused attacks that forge or manipulate tickets. The described method specifically uses an n-gram–based probabilistic model to guide password guesses and verify them against the stored credentials, which is exactly what a Markov-chain attack does.
