
Password cracking

Password cracking is the process of recovering secret passwords from data stored in a computer. The purpose is to help a user recover a forgotten password or to gain unauthorized access. Nowadays passwords are stored in encrypted form using cryptography.

Encryption algorithms

- DES (Data Encryption Standard)
- Diffie Hellman algorithm
- Blowfish

PASSWORD STEALING

- DICTIONARY ATTACKS
- HYBRIDISATION
- BRUTE FORCE ATTACKS
- OBSERVATION
- SOCIAL ENGINEERING
- SNIFFING METHODS
- PASSWORD FILE STEALING

DICTIONARY ATTACKS

A dictionary attack is the process of guessing user passwords with the help of a list of common words. To perform a dictionary attack, a hacker uses a dictionary that contains common words, such as meaningful words & common names.

Words the dictionary can contain

- The name of the user
- Name of the user's spouse or children
- Pet names
- Date of birth of the user or his or her family members
- Place of residence of the user
- Names of famous movies & music albums
- Names of famous places

Hybridisation

Hybridisation is the process of deriving new words from each word in a dictionary by adding numbers & letters to the word. After creating combinations of numbers & words, these are compared with the password.

Brute Force Attacks

A brute force attack (BFA) tries all the possible combinations of letters, numbers & special characters to determine the target password. A BFA is time consuming, and its speed also depends upon:

- Processing speed of the computer
- Length of the password
- Location of the file that contains the password

Observation

In this method a hacker searches a user's workstation or computer for password information, because the user might have chosen a complex password that is difficult to remember and written it down in text documents. The requirement of physical access to the computer is the limitation of this method.

KEYLOGGERS

A keylogger is a program that records the keystrokes made by the user into a file. Stealth Keyboard Interceptor Professional is an example.

After installing the keylogger, the hacker can examine the file generated by the program and try the keystrokes in that file as keywords.

Social engineering

It is a process in which hackers use social contacts to find out the password. A hacker pretends to be a legitimate user of the target system and tries to extract information by cheating other users.

SNIFFING METHOD

Hackers use sniffers to extract cleartext passwords that are not encrypted while being exchanged between client and server.

PASSWORD FILE STEALING

This includes stealing password storage files; for example, passwords are stored in /etc/passwd in UNIX.

PASSWORD CRACKERS

Some popular password crackers are:

- Crack
- John The Ripper
- Telnet-Brute
- Thunk
- Rainbow Crack and Rainbow Table

PREVENTION

Ensure that attackers cannot get access even to your encrypted passwords. Prevent your system from being checked for a large number of passwords in a small amount of time. It is also imperative to use good passwords and a good encryption algorithm.
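
One way to enforce "good passwords" when a password is set is to reject any candidate that is a dictionary word, or a dictionary word with a few numbers or letters added, as described under DICTIONARY ATTACKS and Hybridisation. The sketch below is an added example, not part of the original slides; the word list, the user profile, the 4-character affix limit and the 12-character minimum length are all constructed assumptions.

```python
import re

# Constructed sample list of common words (movies, places, typical choices).
COMMON_WORDS = {"password", "welcome", "dragon", "titanic", "paris"}

# Constructed sample profile: the personal details listed under
# "Words the dictionary can contain".
PROFILE = {
    "name": "Asha Verma",
    "spouse": "Rohan",
    "pet": "Rex",
    "dob": "14-02-1990",
    "city": "Pune",
}


def personal_terms(profile):
    """Split every profile field into lowercase tokens of 3+ characters."""
    terms = set()
    for value in profile.values():
        for token in re.split(r"[^0-9a-z]+", str(value).lower()):
            if len(token) >= 3:
                terms.add(token)
    return terms


def weak_reason(password, profile, max_affix=4, min_length=12):
    """Return why the password should be rejected, or None if it passes.

    A password counts as dictionary-derived when a blocked word appears in
    it and at most max_affix other characters were added around the word,
    which is what hybridisation of a dictionary produces.
    """
    pw = password.lower()
    blocked = COMMON_WORDS | personal_terms(profile)
    # Longest word first so the reported word is deterministic.
    for word in sorted(blocked, key=lambda w: (-len(w), w)):
        if word in pw and len(pw) - len(word) <= max_affix:
            return f"derived from dictionary word '{word}'"
    if len(password) < min_length:
        return "shorter than minimum length"
    return None


if __name__ == "__main__":
    for candidate in ("Rex2019", "Titanic99", "k3#Zp", "mV7#qLw2&zTn9x"):
        print(candidate, "->", weak_reason(candidate, PROFILE) or "accepted")
```

A check like this belongs in the password-change path, alongside a limit on failed login attempts per account.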
