**BRUTE-FORCE-ATTACK** - the act of trying every possible combination of a given
keyspace or character set for a given length
**DICTIONARY** - a collection of common words, phrases, keyboard patterns,
generated passwords, or leaked passwords, also known as a wordlist
**DICTIONARY-ATTACK** - using a file containing common or known password
combinations or words in an attempt to match a given hashing function's output
by running said words through the same target hashing function
**HASH** - the fixed-size bit string that a hash function produces
**HASH-FUNCTION** - a function that maps data of arbitrary size to a bit string
of a fixed size and is designed to be a one-way function, that is, a
function which is infeasible to invert
**ITERATIONS** - the number of times an algorithm is run over a given hash
**KEYSPACE** - the number of possible combinations for a given character set to the
power of its length (i.e. charset^length)
**MASK-ATTACK** - using placeholder representations to try all combinations of a
given keyspace, similar to brute-force but more targeted and efficient
**PASSWORD-ENTROPY** - an estimation of how difficult a password will be to crack
given its character set and length
**PLAINTEXT** - unaltered text that hasn't been obscured or algorithmically altered
through a hashing function
**RAKING** - generating random password rules/candidates in an attempt to discover a
previously unknown matching password pattern
**RAINBOW TABLE** - a precomputed table for a targeted cryptographic hash function,
covering a certain minimum and maximum character length
**RULE-ATTACK** - similar to a programming language for generating candidate
passwords based on some input such as a dictionary
**SALT** - random data that is used as additional input to a one-way function
**WORDLIST** - a collection of common words, phrases, keyboard patterns, generated
passwords, or leaked passwords, also known as a dictionary
**SALT** = random data that's used as additional input to a one-way function
**ITERATIONS** = the number of times an algorithm is run over a given hash
**DICTIONARY/WORDLIST ATTACK** = a straight attack that uses a precompiled list of words,
phrases, and common/unique strings to attempt to match a password.
**BRUTE-FORCE-ATTACK** = attempts every possible combination of a given character
set, usually up to a certain length.
**RULE-ATTACK** = generates permutations against a given wordlist by modifying,
trimming, extending, expanding, combining, or skipping words.
**MASK-ATTACK** = a form of targeted brute-force attack by using placeholders for
characters in certain positions (i.e. ?a?a?a?l?d?d).
**HYBRID-ATTACK** = combines a Dictionary and Mask Attack by taking input from the
dictionary and adding mask placeholders (i.e. dict.txt ?d?d?d).
**CRACKING-RIG** = from a basic laptop to a 64 GPU cluster, this is the
hardware/platform on which you perform your password hash attacks.
[[Home]]
#reference
#concepts