Password - Cracking
1 Answer

A password is like a key that opens a lock to gain entry into a computerized system. Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. Usually, an attacker follows a common approach: repeatedly making guesses for the password. The purposes of password cracking are as follows:

  1. To recover a forgotten password.
  2. As a preventive measure by system administrators to check for easily crackable passwords.
  3. To gain unauthorized access to a system.

Manual password cracking is attempting to log on with different passwords. The attacker follows these steps:

  1. Find a valid user account such as an Administrator or Guest;
  2. Create a list of possible passwords;
  3. Rank the passwords from high to low probability;
  4. Key-in each password;
  5. Try again until a successful password is found.

Passwords can be guessed sometimes with knowledge of the user's personal information. Examples of guessable passwords include:

  1. Blank (none);
  2. Words like "password," "passcode" and "admin";
  3. Series of letters from the "QWERTY" keyboard, for example, qwerty, asdf or qwertyuiop;
  4. User's name or login name;
  5. Name of user's friend/relative/pet;
  6. User's birthplace or date of birth, or a relative's or a friend's;
  7. User's vehicle number, office number, residence number or mobile number;
  8. Name of a celebrity who is considered to be an idol (e.g., actors, actresses, spiritual gurus) by the user;
  9. Simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of letters.

An attacker can also create a script file (i.e., an automated program) which will be executed to try each password in a list. This is still considered manual cracking; it is time-consuming and not usually effective.

Passwords are stored in a database, and a password verification process is built into the system for when a user attempts to log in or access a restricted resource. To ensure confidentiality of passwords, the password verification data is usually not stored in clear text. For example, a one-way function is applied to the password, possibly in combination with other data, and the resulting value is stored. When a user attempts to log in to the system by entering the password, the same function is applied to the entered value and the result is compared with the stored value. If they match, the user gains access; this process is called authentication.

Password cracking attacks can be classified under three categories as follows:

  1. Online attacks;
  2. Offline attacks;
  3. Non-electronic attacks.
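The answer above describes two things a defender implements directly: storing a one-way function of the password rather than the password itself, and refusing the kinds of guessable passwords it lists. The following Python is an added example, not code from the original answer; it uses PBKDF2-HMAC-SHA256 from the standard library as the one-way function (the answer does not name a specific function), a per-user random salt as the "other data" combined with the password, and a small constructed set of common words and keyboard sequences taken from the answer's list. The `is_guessable` policy check, its reason strings, and the `personal` argument are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed examples of guessable passwords, following the categories in the answer.
COMMON_WORDS = {"password", "passcode", "admin"}
KEYBOARD_WALKS = {"qwerty", "asdf", "qwertyuiop"}

# Work factor for PBKDF2; higher values make offline guessing slower.
PBKDF2_ITERATIONS = 600_000


def store_password(password: str) -> dict:
    """Build the verification record for a new password.

    Only the random salt and the PBKDF2 output are kept; the clear-text
    password is never written to the database.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": PBKDF2_ITERATIONS}


def verify_password(record: dict, attempt: str) -> bool:
    """Authenticate a login attempt.

    The same one-way function is applied to the entered value with the stored
    salt, and the result is compared with the stored hash in constant time.
    """
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


def is_guessable(password: str, username: str, personal: Tuple[str, ...] = ()) -> Optional[str]:
    """Reject candidate passwords that fall into the answer's guessable categories.

    Returns a short reason string when the password is guessable, or None when
    it passes. `personal` is a hypothetical list of known personal details
    (pet name, birthplace, ...) supplied by the registration form.
    """
    if not password:
        return "blank"
    p = password.lower()
    # "Simple modification" cases: a suffixed digit or reversed letters.
    base = p.rstrip("0123456789")
    variants = {p, base, p[::-1], base[::-1]}
    if variants & COMMON_WORDS:
        return "common word"
    if variants & KEYBOARD_WALKS:
        return "keyboard sequence"
    if username.lower() in variants:
        return "user name"
    if variants & {s.lower() for s in personal}:
        return "personal information"
    return None


if __name__ == "__main__":
    # Constructed registration and login flow.
    for candidate in ("", "Password1", "drowssap", "alice1", "Rex2019"):
        print(repr(candidate), "->", is_guessable(candidate, "alice", ("Rex",)))
    record = store_password("correct horse battery staple")
    print("stored hash (hex):", record["hash"].hex())
    print("correct attempt:", verify_password(record, "correct horse battery staple"))
    print("wrong attempt:  ", verify_password(record, "Correct horse battery staple"))
```

The policy check runs before `store_password`, so a rejected candidate never reaches the database; the salt ensures two users with the same password get different stored values, which is what makes precomputed guessing against the stored data costly.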