Subscribe by Email

Tuesday, March 20, 2012

How is password cracking done?

Password as we all know is some secret string of some characters that is typically used for the authentication purpose and as a means of identity proof.


- Password is way through which you access your some accounts and resources.
- A password is not meant for the other except the account holder.
- Passwords have been in use since ancient history and of course the password theft or cracking also!
- Nowadays passwords are more known for their use in the log in process to various systems like an operated system, ATMs, cell phones, email accounts and so on.
- It is not necessary that a password should be some meaningful word; rather it can be anything silly that is probably difficult to be guessed by the others.
- There are many types of passwords like passphrase (password formed by more than one word), PIN (personal identification number, numerical password).
- Passwords are again very much vulnerable since they are not as secure as their cryptographic counterparts i.e., protocols.
- These days password theft, password spoofing etc is quite common.


Before we explain to how a password is cracked, you should know what all the factors affect the security of a password.

- Any password protected system is provided protection against the viruses, Trojans etc.
- Physical security measures like shoulder surfing are also implemented.
- Many a times less extreme measures are also used like:
1. Side channel attack
2. Extortion and
3. Rubber hose cryptanalysis


- The security of a password protected system is often determined by the rate at which the attacker or hacker can guess the password.

- To overcome this threat a “time out” of a few seconds can be implemented or a fixed number of chances should be given to type in the correct password.

- Many of the computer systems are now implementing these techniques.

- In some systems the cryptographic hash of the password gets stored which makes the password accessible to an attacker.

- The attacker can obtain the actual password from this hash password value.
- Passwords with high guessing rates are commonly used for cryptographic keys generation process.


- Password cracking is recovering of the passwords from the stored or transmitted data in a computer system.
- There are many approaches developed to crack a password:

1. Guessing
This is perhaps the most common approach and does not require any special skills.

2. Changing the password
This method is second on the list of password cracking methodologies. When a user forgets his/ her password, the system allows the changing of the password following an authentication process.

3. Brute force cracking
This type of cracking involves trying every possible password till the right one is achieved.

4. Dictionary attacks
This method is also very much common and involves trying of the candidate passwords using a cracking dictionary.

5. Pattern checking
6. Word list substitution


- The purpose for the cracking of password can be a positive one, for example, the user of a particular account might have forgotten his password and could not access his account.
- The purpose for the cracking of password can be negative one i.e., for gaining unauthorized access to a computer system, mischief purposes etc.

Time taken to crack a password is directly proportional to the strength of its character set or bits.
- The complex a password, the longer it will take to crack it.
- In some password cracking processes, the system is made to generate the similar types of passwords.
- Such passwords are called candidate passwords.
- Password cracking rate depends on the availability of the hash and the limitations of the software authentication.

No comments:

Facebook activity