WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Google
Web CertiGuide






Table Of Contents  CertiGuide to Security+
 9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)
      9  1.4  Attacks

Previous Topic/Section
1.4.9  Social Engineering
Previous Page
Pages in Current Topic/Section
1
Next Page
 1.4.11  Password Guessing
Next Topic/Section

1.4.10  Birthday

A birthday attack is a type of brute force attack. The name comes from the birthday paradox which states that, as few as 23 people brought together double the probability that two of the people share the same birthday. This may fly in the face of common sense; however it is not possible to argue with the math86.

The high probability of duplicates within a relatively small number of samples means that it is possible to create a mathematically identical message digest (practically-unique identifier, discussed in the Cryptography chapter) for a different message or document. Statistically speaking, you’ll usually find a duplicate value before you’ve tried even half the possible combinations.

Fortunately, the message that produces the duplicate will (in all probability) obviously be invalid (probably a string of gibberish characters rather than coherent words or whatever else the original message contained), and the recipient of such a message would be suspect of it even if the message digest were the same.

Happy Birthday?

A birthday attack is a specific kind of brute force attack that takes advantage of the fact that multiple sets of source data can encrypt to the same hash value. For example, it could be used to find another message that would encrypt to the same MD5 hash value associated with an original message. Theoretically, this would let an attacker change the contents of the message.

It is referred to as a birthday attack because it takes advantage of probabilities, much like the old trick in which you would bet your friend dinner that two people in a 50-person room shared the same birthday (and you would usually win, due to the odds increasing with each additional person in the room).



 __________________

86. http://www.veracity.com/tutorial/sig_secure.html

Previous Topic/Section
1.4.9  Social Engineering
Previous Page
Pages in Current Topic/Section
1
Next Page
 1.4.11  Password Guessing
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.