Significant words on system hacking

A server which can authenticate users necessarily contains, somewhere in its entrails, some data which can be used to validate a password. A very simple system would just store the passwords in cleartext, and validation would be a simple comparison. But if a hostile outsider were to gain a glimpse at the contents of the file or database table which contains the passwords, then that attacker could learn a lot.

Hashes are mathematical objects which anybody can compute efficiently and which, ideally, nobody knows how to invert. A server stores a hash of each password and, when presented with a password by a user who wants access, only has to hash it and check whether it gets the same value. Most importantly, knowing the hash does not reveal the password itself.

In a brute-force attack, an attacker tries passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

An attacker may also attempt to guess a key that was created from the password using a key derivation function.

A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes.
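The hash-based check and the precomputed-table risk described above, shown from the server's side in an added example that is not part of the original page. The per-user random salt, the choice of PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions of this example; the accounts are constructed sample data.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password always gives the same stored value,
    which is the property a precomputed table depends on."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt=None) -> dict:
    """Build what the server stores: salt, iteration count and derived key."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "key": key}


def verify(password: str, record: dict) -> bool:
    """Re-derive from the presented password and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["key"])


def repeated_values(stored: list) -> int:
    """Count stored values that duplicate another account's value."""
    return len(stored) - len(set(stored))


if __name__ == "__main__":
    # Constructed sample accounts; two users picked the same password.
    users = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}
    plain = [unsalted_hash(p) for p in users.values()]
    salted = {u: make_record(p) for u, p in users.items()}
    print("repeated unsalted values:", repeated_values(plain))
    print("repeated salted values:  ",
          repeated_values([r["key"] for r in salted.values()]))
    print("alice, right password:", verify("correct horse", salted["alice"]))
    print("alice, wrong password:", verify("wrong guess", salted["alice"]))
```

With unsalted hashes, identical passwords are visible as identical stored values; with a per-user salt each record has to be attacked separately, so a table computed in advance no longer applies.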

A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. It refers to a class of brute-force attacks that are much faster than ordinary brute force would be.

The word steganography comes from the Greek words steganos (covered, concealed, impenetrable or protected) and graphy, which together mean "hidden writing". It is an ancient art that has evolved into a sophisticated part of cryptography, the art of secret writing.

  • plain-text: The original secret message that needs to be communicated.
  • cipher-text: The secret message is often first encrypted using traditional methods. The encrypted message is known as cipher-text.
  • cover-text: Larger, harmless-looking data that is used as a container for the plain-text/cipher-text. This can be a picture, sound, text, etc.
  • stego-text: The data generated after embedding the plain-text/cipher-text into the cover-text.