CBK#5 Cryptography - Page 9

CBK#5 Cryptography  - Page 1 2 3 4 5 6 7 8 9

Man-in-the-middle attack:
Eavesdropping on different conversations. Using digital signatures during the session-key exchange can circumvent the attack.
Dictionary attacks:
Takes a password file with on-way function values and then takes the most commonly used passwords and run them through the same one-way function. These files are then compared.
Replay attack:
An attacker copies a ticket and breaks the encryption and then tries to impersonate the client and resubmit the ticket at a later time to gain unauthorized access to a resource.

CBK#5 Cryptography  - Page 1 2 3 4 5 6 7 8 9

CISSP Summary 2002 |  Related links | References

CBK#1 Access Control Systems & Methodology | CBK#2 Telecommunications & Network Security | CBK#3 Security Management Practices | CBK#4 Applications & Systems Development Security | CBK#5 Cryptography | CBK#6 Security Architecture & Models | CBK#7 Operations Security | CBK#8 Business Continuity Planning & Disaster Recovery Planning | CBK#9 Law, Investigations & Ethics | CBK#10 Physical Security

Contact:

E-mail: john.wallhoff@mailbox.swipnet.se
Written by: J.Wallhoff January - April 2002
Updated by: J.Wallhoff April 2002