Cryptographic Attacks

There is no such thing as a sure thing when it comes to protecting data stored on computer systems.

Encrypting data is only ever relatively secure, but hackers always have a chance of gaining access to encrypted data using a variety of methods.

Dictionary Attack

A type of brute-force attack where the hacker uses a list of words and phrases to try and guess the password. It only really works on weak passwords that are similar to common words, phrases, or derived from PII that is easily discovered through investigation.

Collision Attack

An attack where the hacker tries to find two inputs that produce the same hash value. A hacker would trick Bob into thinking a compromised document is from Alice by first sending a message to Alice. Alice replies, signing the message with her digital signature. Since the original message and the compromised message generate the same hash value, the legitimate digital signature is also valid for the compromised message. The hacker takes Alice's digital signature, attaches it to their own message, and sends it to Bob, tricking them into believing the message is really actually, for real, truthfully, and genuinely from Alice. 

How do we avoid this type of attack? Make sure our hashes are long enough. The chance of generating duplicate hashes increases exponentially the smaller our hash value lengths are.

Downgrade Attack

An attack where the system is forced to use an older, less secure protocol for communication. SSL is particularly vulnerable to these attacks. Downgrade attacks are usually part of a man-in-the-middle (MITM) attack, where packets are downgraded from, say, HTTPS to HTTP. This allows the hacker to listen in on all communications between the two parties.

How do we avoid this type of attack? Simply don't support these older protocols. Servers can be configured to ONLY use secure versions of each necessary communications protocol.