I was just watching the video on attacks, and was a bit puzzled by the explanation of birthday attacks. I'm familiar with birthday attacks on hashes, but those rely on being able to pass a modification off as an original, where the modification changes the hash to be the same as a forgery. This wouldn't be the case with password hashes, which would have to be attacked through other means. The discussion in the video said that there would be a good chance that more than one person in an organization has the same password, which might be true, but doesn't seem to help the attacker much since even if they find one user with a password, they'd have to try others to see if they have the same one. I did think of one application, that it could be exploited that someone in an organization will have one of the top 10 passwords, so that the dictionary could be confined just to them. Would that be an accurate interpretation?
Also, all of the subtitles in the video say that it is Part 2, but there is no part 1 in the sidebar. Is this an artifact of the update for the new test? A reference was made to part 1 including talk of buffer overflows, which I don't recall from any previous portion of this course.