You are here >  theory >  passwords

Introduction to Password Cracking

TOP

Password cracking is the alternate way to determine the password that is stored in a system or is being transmitted over wire from/to a system. The reason for us to say that it is an alternative way is because, password cracking process is not something where you are directly talking to the system and asking it for the stored or transmitted password. You are pretty much forcing the system with different techniques to spit out the password. These techniques include password guessing, bruteforce, dictionary, rainbow table, etc. Although, the word 'cracking' immediately sounds illegal or unauthorized and for sure password cracking is used by most attackers to gain unauthorized access, they are used for password storage and retrieval of authorized users too. Authorized users might forget or misplace passwords, due to various reasons. This happens especially when people pick "hard to remember" passwords. "Hard to remember" does not mean "hard to guess" always. Sometimes they do go hand-in-hand, although it is like saying that a wallet that cannot be reopened is secure. Well yes, they are secure. But what is the use of a wallet, if it is not accessible to authorized users themselves. This is why we must follow the concept of "easy to remember, hard to guess".

Password Recovery

TOP

Password recovery tools uses the concept of password cracking to recover forgotten passwords to authorized users. Although, if you use password storage tools to securely store your passwords for several accounts, password cracker is not required unless you have forgotten the password of the storage tool itself. The time taken to crack a password can vary from few seconds to days, to years. This depends on various factors, some of which includes:

Tools out there

TOP

There are various tools that could crack passwords. Although, it is good to pick and choose the one that would really help you by converting your manual labor into semi-automated task and thereby reducing your time and energy, utilized to crack passwords. Some of the the famous tools that are commonly used for password cracking are Cain and Abel, John the Ripper, THC Hydra, Aircrack, L0phtcrack, AirSnort, SolarWinds, Pwdump, RainbowCrack and Brutus [1]. There are other tools from ElcomSoft, Lastbit, LCPSoft and other organizations that dedicate their time and money in building password retrieval/extracting tools. If you would like to go further and educate yourself with the types, techniques and the tools used for password cracking, checkout the "Theory" and "Research" sections in Password Analytics web-portal.

References

TOP

[1] Top 10 Password Crackers -- http://sectools.org/crackers.html

EvilFingers Arsenal






























Socialize with RootkitAnalytics

Twitter Feed Blogspot

Socialize with EvilFingers

Twitter Feed Blogspot LinkedIn Delicious Google

Tweets