Download eBook (PDF) - Red Gate Software
7 – One-Way Encryption

• A match is identified in the Borrower_Identification table with the attack hash value of 0xC36F02D9AC32B2E3813EFF9B6C23D99D6038FD9A, revealing that the plain text value of "555-86-0625" is a valid Social Security Number within the database.

• With this knowledge, the attacker gains access to associated information such as the borrower's name, address and birth date.

Figure 7-2: Dictionary Attack.

A dictionary attack takes advantage of the inherent nature of one-way encryption by performing the same action that is used when a user searches one-way encrypted data, but on a larger scale.

In our example, the attacker knows he is looking for Social Security Numbers which, in their plain text form, have a standard pattern. It is also known to the attacker that Social Security Numbers are commonly stored without the dash ("-") character. Therefore, the attacker has a finite set of base values that will likely return some matches.

If the DBA added a series of characters to the value of the Social Security Number before it was encrypted, the resulting hash value would be different from the hash value resulting from encrypting the real Social Security Number, and would increase the number of possible character combinations required to return a positive match.

This process, called salting, reduces the risk of a successful dictionary attack on the one-way encrypted values. Additional details regarding salting, as well as a specific example of using a salt with the HomeLending database, will be provided later in this chapter.

Rainbow Table Attack Vulnerability

Database Administrators are not the only people interested in efficiency. Those who are interested in attacking a database to reveal sensitive data that is protected through one-way encryption are also interested in the efficiency of their efforts. In order to initiate a dictionary attack on a database containing

151
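The following Python sketch is an added example, not code from the book or the HomeLending database, and it illustrates the salting point made above: the same precomputed dictionary that recovers an unsalted hash finds nothing once the DBA prepends a salt, while a searcher who knows the salt can still verify a value. SHA-1 is assumed as the one-way function (the 40-hex-digit hash above is consistent with that length); the candidate SSNs and the salt are constructed values.

```python
import hashlib

# Constructed candidate SSNs, stored without dashes as the text notes.
# An attacker would enumerate the whole finite 9-digit space; a handful suffices here.
CANDIDATE_SSNS = ["555860625", "123456789", "078051120", "219099999"]

# Constructed salt: the "series of characters" the DBA adds before hashing.
SALT = "HomeLending-constructed-salt"


def sha1_hex(value: str) -> str:
    """One-way encryption of a value: SHA-1 over its UTF-8 bytes (assumed algorithm)."""
    return hashlib.sha1(value.encode("utf-8")).hexdigest().upper()


def store_unsalted(ssn: str) -> str:
    """How the unsalted Borrower_Identification column would be populated."""
    return sha1_hex(ssn)


def store_salted(ssn: str, salt: str) -> str:
    """How the salted column would be populated: salt is prepended before hashing."""
    return sha1_hex(salt + ssn)


def build_dictionary(candidates, salt: str = "") -> dict:
    """Attacker's precomputed table: hash -> plain text for every candidate.
    Without knowing the salt, the attacker can only precompute with salt=""."""
    return {sha1_hex(salt + c): c for c in candidates}


def dictionary_lookup(stored_hash: str, table: dict):
    """The attack in Figure 7-2: match a stored hash against the precomputed table.
    Returns the recovered plain text, or None when the dictionary has no match."""
    return table.get(stored_hash)


def search_salted(stored_hash: str, ssn: str, salt: str) -> bool:
    """Legitimate search path: the DBA knows the salt, so a lookup still works."""
    return store_salted(ssn, salt) == stored_hash


if __name__ == "__main__":
    table = build_dictionary(CANDIDATE_SSNS)
    print("unsalted:", dictionary_lookup(store_unsalted("555860625"), table))
    print("salted:  ", dictionary_lookup(store_salted("555860625", SALT), table))
    print("DBA search:", search_salted(store_salted("555860625", SALT), "555860625", SALT))
```

A single shared salt raises the attacker's precomputation cost only while the salt stays secret; a per-row random salt stored beside each hash additionally forces a separate dictionary per row.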