1. National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC) Glossary.
Brute Force Attack: Defines it as "A method of guessing a password or other sensitive data by systematically trying all possible combinations of legal characters in sequence."
Dictionary Attack: Defines it as a technique that tries "millions of likely possibilities, such as words in a dictionary" to determine a passphrase.
These definitions clearly categorize options B and E as password attack methods. The glossary can be accessed at: https://csrc.nist.gov/glossary
2. Weir, C. S., & Douglas, G. (2012). Password cracking and counter-measures: A comparative study of the art. School of Computing, University of Abertay Dundee.
Section 2.2, "Password Cracking Techniques": This section details various password cracking methods, explicitly describing Dictionary Attacks, Brute-Force Attacks, and Hybrid Attacks. It states, "A hybrid attack is a combination of a dictionary attack and a brute-force attack... This type of attack is useful for cracking passwords that are based on a dictionary word but have been modified slightly." This directly supports B, D, and E as password attack techniques.
3. MIT OpenCourseWare, 6.858 Computer Systems Security, Fall 2014.
Lecture 4: Authentication: The lecture notes discuss password security and threats, explicitly mentioning "Dictionary attack" and "Brute-force attack" as methods for cracking password hashes.
Lecture 10: Web Security: This lecture defines Cross-Site Scripting (XSS) as an attack where an attacker "injects script into an application's output," distinguishing it from password-cracking methods. This supports the exclusion of option A.