Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?

A security consultant was hired to audit a company’s password are account policy.

The company implements the following controls:

– Minimum password length: 16

– Maximum password age: 0

– Minimum password age: 0

– Password complexity: disabled

– Store passwords in plain text: disabled

– Failed attempts lockout: 3

– Lockout timeout: 1 hour

The password database uses salted hashes and PBKDF2.

Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time?
A . Offline hybrid dictionary attack
B . Offline brute-force attack
C . Online hybrid dictionary password spraying attack
D . Rainbow table attack
E . Online brute-force attack
F . Pass-the-hash attack

View Answer

Answer: C