Password as we all know is some secret string of some characters that is typically used for the authentication purpose and as a means of identity proof.
WHAT IS PASSWORD?
- Password is way through which you access your some accounts and resources.
- A password is not meant for the other except the account holder.
- Passwords have been in use since ancient history and of course the password theft or cracking also!
- Nowadays passwords are more known for their use in the log in process to various systems like an operated system, ATMs, cell phones, email accounts and so on.
- It is not necessary that a password should be some meaningful word; rather it can be anything silly that is probably difficult to be guessed by the others.
- There are many types of passwords like passphrase (password formed by more than one word), PIN (personal identification number, numerical password).
- Passwords are again very much vulnerable since they are not as secure as their cryptographic counterparts i.e., protocols.
- These days password theft, password spoofing etc is quite common.
FACTORS AFFECTING THE SECURITY OF PASSWORD
Before we explain to how a password is cracked, you should know what all the factors affect the security of a password.
- Any password protected system is provided protection against the viruses, Trojans etc.
- Physical security measures like shoulder surfing are also implemented.
- Many a times less extreme measures are also used like:
1. Side channel attack
2. Extortion and
3. Rubber hose cryptanalysis
HOW SECURITY OF PASSWORD PROTECTED SYSTEM IS DETERMINED?
- The security of a password protected system is often determined by the rate at which the attacker or hacker can guess the password.
- To overcome this threat a “time out” of a few seconds can be implemented or a fixed number of chances should be given to type in the correct password.
- Many of the computer systems are now implementing these techniques.
- In some systems the cryptographic hash of the password gets stored which makes the password accessible to an attacker.
- The attacker can obtain the actual password from this hash password value.
- Passwords with high guessing rates are commonly used for cryptographic keys generation process.
HOW PASSWORD CRACKING IS DONE?
- Password cracking is recovering of the passwords from the stored or transmitted data in a computer system.
- There are many approaches developed to crack a password:
1. Guessing
This is perhaps the most common approach and does not require any special skills.
2. Changing the password
This method is second on the list of password cracking methodologies. When a user forgets his/ her password, the system allows the changing of the password following an authentication process.
3. Brute force cracking
This type of cracking involves trying every possible password till the right one is achieved.
4. Dictionary attacks
This method is also very much common and involves trying of the candidate passwords using a cracking dictionary.
5. Pattern checking
6. Word list substitution
PURPOSE FOR PASSWORD CRACKING
- The purpose for the cracking of password can be a positive one, for example, the user of a particular account might have forgotten his password and could not access his account.
- The purpose for the cracking of password can be negative one i.e., for gaining unauthorized access to a computer system, mischief purposes etc.
Time taken to crack a password is directly proportional to the strength of its character set or bits.
- The complex a password, the longer it will take to crack it.
- In some password cracking processes, the system is made to generate the similar types of passwords.
- Such passwords are called candidate passwords.
- Password cracking rate depends on the availability of the hash and the limitations of the software authentication.
Tuesday, March 20, 2012
How is password cracking done?
Monday, March 19, 2012
Explain the concepts of password cracking?
Password cracking is one of important and most sought after concepts under the category of computer security and crypt analysis. Password cracking is such a term that is self explanatory i.e., we can make out from the term itself that it is all about recovering the passwords.
The passwords can be recovered from the data that is transmitted and stored by a computer system or network. Till date many approaches have been formulated for the cracking of passwords.
APPROACH FOR PASSWORD CRACKING
- The most common approach which is still so much in use is repeated guessing of the password till one gets the right one.
- Nowadays passwords are more known for their use in the log in process to various systems like an operated system, ATMs, cell phones, email accounts and so on.
- It is not necessary that a password should be some meaningful word; rather it can be anything silly that is probably difficult to be guessed by the others.
- There are many types of passwords like passphrase (password formed by more than one word), PIN (personal identification number, numerical password).
- Passwords are again very much vulnerable since they are not as secure as their cryptographic counterparts i.e., protocols.
- These days password theft, password spoofing etc is quite common.
FACTORS AFFECTING THE SECURITY OF PASSWORD
- Any password protected system is provided protection against the viruses, Trojans etc.
- Physical security measures like shoulder surfing are also implemented.
- Less extreme measures are still so very in use namely Side channel attack,
Extortion and, Rubber hose crypt-analysis.
- It is not necessary that password cracking has always a bad reason behind it.
- There can also be some reasonable and genuine causes for cracking a password.
- The password cracking process usually takes much time depending up on the strength of its bits.
- The measure of the strength of the bits of a password give an indication about the information entropy of it.
- Many of the computer systems are now implementing these techniques.
- In some systems the cryptographic hash of the password gets stored which makes the password accessible to an attacker.
- The attacker can obtain the actual password from this hash password value.
- Passwords with high guessing rates are commonly used for cryptographic keys generation process.
HOW PASSWORD CRACKING IS DONE?
- To say it simply the password cracking is recovering of the passwords from the stored or transmitted data in a computer system.
- Passwords whether easy to remember or hard to guess always have a problem associated with them.
- The password which may seem easy to remember to the user often might also be easy
for an attacker to crack.
- On the other hand a difficult password is a contributing factor in reducing the security of the system since it has to be physically written and stored somewhere.
- In such cases the user tends to use the same password for a long time or to reset it again and again in case he/ she forgets it.
- All this stuff makes a system vulnerable and calls for more stringent security checks for password.
- There are several measures to increase the password strength like using a mixture of both lower case and upper case alphabets, numbers and special characters.
- But such kinds of measures only make the memorisation of these passwords more difficult.
- The best measure here to avoid such memory traps can be to design a personal algorithm for the generation of obscure passwords whenever you plan to change your password.
