3 Commits

Author | SHA1 | Message | Date
Julian Golenhofen | 203f68ea1b | feat: task b done | 2026-05-06 11:11:27 +00:00
Julian Golenhofen | 20bdc23597 | feat: finish task a | 2026-05-06 11:03:09 +00:00
Julian Golenhofen | 92820ce20c | feat: parts of task a | 2026-05-06 10:55:52 +00:00
2 changed files with 101 additions and 0 deletions

@@ -0,0 +1,98 @@
1.
positives:
- The password is very hard to guess / bruteforce
- There are no physical ways to obtain the password except for hacking one of the services where you have an account
- You don't have to remember a lot and the effort is low compared to other methods
negatives:
- If one service gets hacked and your password is found out, all your accounts are compromised
- If you forget your password, you don't have a good recovery method for your account (unless the service provides one)
- Even though your password is pretty strong, you are still a pretty easy target
2.
positives:
- The password is very hard to guess / bruteforce
- There are no physical ways to obtain the password except for hacking one of the services where you have an account
- You don't have to remember a lot and additionally to 1 only the method you're using (that you append the first letter of every service to it)
negatives:
- If one service gets hacked and your password is found out, getting into other accounts is harder than 1, but still pretty easy if they figure out your method
- If you forget your password, you don't have a good recovery method for your account (unless the service provides one)
- Even though your password is pretty strong, you are still a pretty easy target (although a tougher one than 1)
3.
positives:
- Your passwords are very hard to guess / bruteforce
- If one of your accounts gets hacked, none of your others compromised
- You don't have to remember a lot, except for the secure place / the means to get to the secure place
negatives:
- If someone finds and steals your password book, you don't have any means of getting your accounts back
- If you need to access your passwords from somewhere where you don't have access to your password book, you can't log into any of your accounts
- Keeping the password book around is a huge maintenance burden (compared to 1 + 2 for example)
4.
positives:
- Your passwords are very hard to guess / bruteforce
- If one of your accounts gets hacked, none of your others are compromised
- You can easily take all of your passwords with you
negatives:
- If someone finds and steals your USB stick, you don't have any means of getting your accounts back
- If you need to access your passwords from somewhere where you don't have access to your USB stick, you can't log into any of your accounts
- Keeping the USB stick around is a little bit of a burden (compared to 1 + 2 for example, 3 is a bigger burden of course)
5.
positives:
- Your passwords are very hard to guess / bruteforce
- If one of your accounts gets hacked, none of your others are compromised
- Finding all of your passwords is really easy and convenient
negatives:
- If your PC breaks, you don't have access to any of your passwords anymore
- If you don't have access to your PC where you need one of your passwords, you can't log into your accounts
- If you lose any of your passwords, you don't have a proper way of getting them back (like deleting it on accident or something)
6.
positives:
- Your passwords are very hard to guess / bruteforce
- If one of your accounts gets hacked, none of your others are compromised
- Taking your passwords with you is really easy
negatives:
- If the service storing your passwords gets hacked (and is not properly protected), all of your passwords could be vulnerable
- Depending on how you access this password manager, your account may not be so secure
- You need to keep around an extra password for your password manager (that you need a good strategy for as well)
7.
positives:
- Bruteforcing one of your passwords doesn't leak your main password (assuming the password derivation is good)
- If one of your accounts gets hacked, none of your others are compromised
- Knowing your main password, means you know all of your passwords (because they are simply derived, they are not unrelated to your main password)
negatives:
- You need to keep around an extra password for your password derivation service (that you need a good strategy for as well)
- If your main password is found out, all of your accounts are compromised
- You are a relatively easy target since all it takes is cracking your main password (and knowing one site you have an account for)
8.
positives:
- Your passwords are very hard to guess / bruteforce
- If one of your accounts gets hacked, none of your others are compromised
- Finding all of your passwords is really easy and convenient
negatives:
- If your PC breaks, you don't have access to any of your passwords anymore
- If you don't have access to your PC where you need one of your passwords, you can't log into your accounts
- If you lose any of your passwords, you don't have a proper way of getting them back (like deleting it on accident)
9.
positives:
- You don't have to remember a lot of passwords
- If one of your accounts gets hacked (and are unrelated to the password reset method), none of your others are compromised
- Getting into your accounts is really easy
negatives:
- If your reset password method gets compromised, you don't have a way of getting back your account
- Not all services may have a reset password function
- You are a relatively easy target since all it takes is cracking your reset password method (if it is an email address for example)
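Review bot: Entries 5 and 8 list the same positives and negatives almost word for word (only the trailing "or something" differs), so the answer does not show how strategy 8 differs from strategy 5; give 8 at least one point that is specific to it. In 3 and 4 the theft negative covers only the loss of access ("you don't have any means of getting your accounts back") and should also say that whoever holds the book or USB stick can read whatever is stored on it, which conflicts with the positive "If one of your accounts gets hacked, none of your others are compromised" being the only exposure considered. In 7 the third positive and the second negative state the same dependency on the main password from both sides; keep one and use the free slot for a separate point. In 3, "none of your others compromised" is missing "are".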

@@ -0,0 +1,3 @@
A potential strategy is to use a password manager, like Proton Pass, that encrypts all of your passwords when they are uploaded to the cloud. With this approach, you have to remember one password for your password manager and get a really convenient solution that won't break down even if the provider were to be compromised (as in the service itself). With a good recovery strategy like keeping something like a recovery token in a secure place in your house, you can make sure you never lose access to your password manager.
This approach of course has downsides, if the password you use for the password manager is weak, you are still an easy target. Like you would be with 1 or 2, but you would still have a recovery method. Compared to 7 however, you still never have a way of knowing your passwords without authenticating with the provider you're using. On top of that, keeping the recovery token at home makes you vulnerable to physical attacks similar to 3 or 4. These attacks are usually a hard thing to perform though, so I think it's still better than using a cloud password manager or one provided by your operating system.
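Review bot: The closing sentence concludes that this is "still better than using a cloud password manager", but the strategy proposed in the first paragraph is itself a password manager whose data is "uploaded to the cloud", so the comparison contradicts the proposal; state what it is being compared against, for example a cloud manager that does not encrypt the passwords before upload. The claim that the solution "won't break down even if the provider were to be compromised" holds only if the manager password is strong, which the second paragraph concedes separately; tie the two statements together so the condition sits next to the claim. The second paragraph also opens with a comma splice ("has downsides, if the password ...") and the fragment "Like you would be with 1 or 2, ..." should be joined to the sentence before it.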