0

Frequent attacks on password-based encryption are dictionary attacks with special hardware. I suspect that this is the only promising attack on the ciphertext. Is that correct?

Another attack scenario that targets passwords is keyloggers. This attack is not on the ciphertext, but on the system.

In addition to these two attack scenarios, are there any that specifically target passwords (not encryption in general)?

1
  • 1
    This question is really difficult to understand. Your title mentions attacks on password "encryption" (did you mean "hashing"?) then you ask for attacks that do not target encryption. What is your actual question? Are keyloggers an example of the types of attacks you are interested in or not? It's difficult to tell.
    – schroeder
    Commented Oct 31, 2019 at 8:46

4 Answers

2

There are different types of attacks that are attempted on passwords, such as:

• Offline dictionary attack: Typically, strong access controls are used to protect the system’s password file. However, experience shows that determined hackers can frequently bypass such controls and gain access to the file. The attacker obtains the system password file and compares the password hashes against hashes of commonly used passwords. If a match is found, the attacker can gain access by that ID/password combination. Countermeasures include controls to prevent unauthorized access to the password file, intrusion detection measures to identify a compromise, and rapid reissuance of passwords should the password file be compromised.

• Specific account attack: The attacker targets a specific account and submits password guesses until the correct password is discovered. The standard countermeasure is an account lockout mechanism, which locks out access to the account after a number of failed login attempts. Typical practice is no more than five access attempts.

• Popular password attack: A variation of the preceding attack is to use a popular password and try it against a wide range of user IDs. A user’s tendency is to choose a password that is easily remembered; this unfortunately makes the password easy to guess. Countermeasures include policies to inhibit the selection by users of common passwords and scanning the IP addresses of authentication requests and client cookies for submission patterns.

• Password guessing against single user: The attacker attempts to gain knowledge about the account holder and system password policies and uses that knowledge to guess the password. Countermeasures include training in and enforcement of password policies that make passwords difficult to guess. Such policies address the secrecy, minimum length of the password, character set, prohibition against using well-known user identifiers, and length of time before the password must be changed.

• Workstation hijacking: The attacker waits until a logged-in workstation is unattended. The standard countermeasure is automatically logging the workstation out after a period of inactivity. Intrusion detection schemes can be used to detect changes in user behavior.

• Exploiting user mistakes: If the system assigns a password, then the user is more likely to write it down because it is difficult to remember. This situation creates the potential for an adversary to read the written password. A user may intentionally share a password, to enable a colleague to share files, for example. Also, attackers are frequently successful in obtaining passwords by using social engineering tactics that trick the user or an account manager into revealing a password. Many computer systems are shipped with preconfigured passwords for system administrators. Unless these preconfigured passwords are changed, they are easily guessed. Countermeasures include user training, intrusion detection, and simpler passwords combined with another authentication mechanism.

• Exploiting multiple password use: Attacks can also become much more effective or damaging if different network devices share the same or a similar password for a given user. Countermeasures include a policy that forbids the same or similar password on particular network devices.

• Electronic monitoring: If a password is communicated across a network to log on to a remote system, it is vulnerable to eavesdropping. Simple encryption will not fix this problem, because the encrypted password is, in effect, the password and can be observed and reused by an adversary.

Resource: Computer Security: Principles and Practice, William Stallings

    3

    There are several attacks on password-based encryption, each with their own techniques and their own goals.

    Password Cracking

    This is the most straightforward group of attacks. The goal is to gain the password, which might be weak. The exact kind of attack may vary, from brute force, over masking attacks to mangled dictionary attacks. The outcome, however, is always the same. If you succeed, you get the password and can decrypt the file.

    Cryptographic Weaknesses

    Key-Derivation Function

    Passwords can't be used as keys directly. For example, AES-256 requires a key that is exactly 256 bits long. It can't be longer, it can't be shorter. As a result, you need a function that derives a key from your password. These functions are aptly named "Key-Derivation Functions".

    The user password is the input for the key derivation function (short: KDF), and the output of that function is the key for the encryption and decryption algorithm. As such, if there are weaknesses in the key derivation function, an attacker may not have to get the password, and it may be enough to exploit those flaws.

    Encryption Function

    The encryption function itself may have flaws, allowing an attacker to modify or gain access to certain information. The Cipher-Block-Chaining Mode (short: CBC-Mode), for instance, is malleable, meaning that you can change specific bits in the plaintext by flipping bits in the ciphertext.

    This of course depends on what the data actually means. For example, if a text message is:

    AT 1630 INITIATE PLAN GAMMA 

    If an attacker knows the rough structure of the message, e.g. AT **** INITIATE PLAN ***************, then they can flip certain bits to change the message. It doesn't allow the attacker to read the data, but it may be enough to modify the data.
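The two points in the answer above (a KDF turning the password into fixed-length keys, and CBC malleability) can be reproduced together; this is an added example, not code from the answer. Assumptions: a toy Feistel cipher stands in for AES so the block runs with the standard library only, the PBKDF2 iteration count and the sample password are constructed, and all function names are hypothetical. It shows the modified message decrypting cleanly without an integrity check and being rejected once an HMAC over the ciphertext is verified.

```python
import hashlib, hmac, os
BLOCK = 16  # block size in bytes, as for AES

def derive_keys(password, salt, iterations=600_000):
    # KDF step: salted, deliberately slow PBKDF2 -> 32-byte cipher key + 32-byte MAC key
    okm = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=64)
    return okm[:32], okm[32:]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _toy_block(key, block, decrypt=False):
    # Toy 4-round Feistel cipher standing in for AES (illustration only)
    l, r = block[:8], block[8:]
    for i in (3, 2, 1, 0) if decrypt else (0, 1, 2, 3):
        f = hmac.new(key, bytes([i]) + (l if decrypt else r), hashlib.sha256).digest()[:8]
        l, r = (_xor(r, f), l) if decrypt else (r, _xor(l, f))
    return l + r

def encrypt(enc_key, mac_key, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK          # PKCS#7 padding
    data = plaintext + bytes([pad]) * pad
    prev = os.urandom(BLOCK)                      # random IV, sent as first block
    out = [prev]
    for i in range(0, len(data), BLOCK):          # CBC chaining
        prev = _toy_block(enc_key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    body = b"".join(out)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()  # encrypt-then-MAC

def decrypt(enc_key, mac_key, message, verify=True):
    body, tag = message[:-32], message[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if verify and not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch: ciphertext was modified")
    blocks = [body[i:i + BLOCK] for i in range(0, len(body), BLOCK)]
    plain = b"".join(_xor(_toy_block(enc_key, c, True), p) for p, c in zip(blocks, blocks[1:]))
    return plain[:-plain[-1]]

def demo():
    enc_key, mac_key = derive_keys(b"constructed sample password", os.urandom(16))
    tampered = bytearray(encrypt(enc_key, mac_key, b"AT 1630 INITIATE PLAN GAMMA"))
    tampered[4] ^= ord("6") ^ ord("7")            # IV byte 4 lines up with the '6' in "1630"
    forged = decrypt(enc_key, mac_key, bytes(tampered), verify=False)  # no integrity check
    try:
        decrypt(enc_key, mac_key, bytes(tampered))                     # with integrity check
    except ValueError:
        return forged, True
    return forged, False
```

The key and the password are never touched by the modification, which is why the integrity tag, not a stronger password, is the relevant control here.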

      1

      You also may want to consider rainbow-tables, which are used to find out the plaintext value of a hashed password, but not by using the traditional dictionary bruteforce technique.

        0

        People behind you are always a problem. I know it's not talked about; as we deal only with systems, we forget there are physical weaknesses as well.

        1
        • I'm not sure that shoulder surfing is considered an attack on the password. I think it falls under the social engineering/layer 8 sphere.
          – schroeder
          Commented Oct 31, 2019 at 8:44
