
What Is Password Cracking? Types of Password Cracking | Hacking

What is password cracking?

In the field of cyber security and cryptography, password cracking tools play a major role. Password cracking is the process of recovering passwords to breach (or restore) the security of a computer system. You can relate it to repeatedly guessing your phone’s unlock pattern or PIN.


The purpose of password cracking revolves around recovering the forgotten passwords of our online accounts, computers, and smartphones. Password cracking is also used by system administrators as a preventive measure: they check passwords on a regular basis to look for weak links.

The time needed to crack a password is proportional to the length and strength of that password. That’s why users are advised to use complex passwords that are harder to guess. The password cracking speed of a tool also depends heavily on the cryptographic function that’s used to generate password hashes. Thus, a potent hashing function like bcrypt is preferred over the likes of SHA and MD5.

There are many password cracking software tools; the most popular include Aircrack, Cain and Abel, John the Ripper, Hashcat, Hydra, DaveGrohl, and ElcomSoft.



Types of password cracking attacks:

1) Dictionary attack: 

A dictionary attack tries a list of words against the interface or program that is protecting the area you want to gain access to. The simplest password crackers using dictionary attacks use a list of common single words, a "dictionary". More advanced programs often use a dictionary and also mix in numbers or common symbols at the beginning or end of the guessed words, then show you the password.

Tools For Dictionary attack: John the Ripper, L0phtCrack, and Cain And Abel.

2) Brute force attack: 

Brute force password attacks are a last resort for cracking a password, as they are the least efficient. In the simplest terms, brute force means systematically trying all the combinations for a password. This method is quite efficient for short passwords, but starts to become infeasible, even on modern hardware, with a password of 7 characters or longer. Assuming only alphabetical characters, all in capitals or all in lower-case, a 7-character password would take 26^7 = 8,031,810,176 guesses. This also assumes that the cracker knows the length of the password. Other factors include numbers, case-sensitivity, and other symbols on the keyboard. The complexity of the password depends upon the creativity of the user and the complexity of the program that is using the password.

Tools For Brute force attack: John the Ripper, Rarcrack, and Oracle password cracker.
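An added example (not part of the original article) that turns the brute-force arithmetic above into a small estimator a defender can use when setting password policy: it reproduces the 26^7 figure and shows why a slow hash such as bcrypt changes the worst-case search time. The guess rates are assumed round numbers for illustration, not benchmarks, and all function names are hypothetical.

```python
import string

# Character classes; a search must cover every class the password draws from.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

# ASSUMED guess rates (guesses/second), for illustration only, not benchmarks.
ASSUMED_RATES = {
    "fast hash (MD5-class)": 10**10,
    "slow hash (bcrypt-class)": 10**4,
}

def alphabet_size(password):
    """Size of the smallest union of character classes containing the password."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    # Characters outside all classes (e.g. non-ASCII) are counted individually,
    # which gives a conservative lower bound.
    known = "".join(CLASSES.values())
    return size + len({c for c in password if c not in known})

def keyspace(alphabet, length, known_length=True):
    """Candidates to try: alphabet**length, or all lengths 1..length if unknown."""
    if known_length:
        return alphabet ** length
    return sum(alphabet ** n for n in range(1, length + 1))

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

def audit(password, known_length=True):
    """Worst-case exhaustive-search time for each assumed guess rate."""
    total = keyspace(alphabet_size(password), len(password), known_length)
    return {name: humanize(total / rate) for name, rate in ASSUMED_RATES.items()}

if __name__ == "__main__":
    for pw in ("abcdefg", "Tr1cky-pass phrase"):  # constructed samples
        print(pw, keyspace(alphabet_size(pw), len(pw)), audit(pw))
```

With these assumed rates, the 7-letter lower-case case drops from days to under a second when the stored hash is a fast one, which is the practical reason for preferring a deliberately slow hashing function.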

3) Rainbow table attack: 

Rainbow tables are a type of precomputed password attack. The previous two attacks, Dictionary and Brute-Force, enter a password into the locked program; the program then hashes the entry and compares the hash to the correct password hash. Rainbow tables compute hashes for each word in a dictionary, store all of the hashes in a hash table, retrieve the hash of the password to be cracked, and compare each stored hash with the real password hash. This method assumes that you can retrieve the hash of the password to be guessed and that the hashing algorithm is the same between the rainbow table and the password. As the majority of common, low-security hashes are computed using MD5, sometimes SHA-1, this problem isn't very worrisome.

Tools For Rainbow table attack: OphCrack, Oracle password cracker, and RainbowCrack.

There are lots of other password cracking techniques, like phishing, spidering, social engineering, shoulder surfing, etc. Soon, I’ll be discussing them in detail in another article.

