
Password Cracking


When we think about security, the first thing that comes to mind is the password. To secure data or information digitally we usually rely on password protection rather than encryption. A password protects the identity of an individual or of a group of people (an organization), and it is generally considered the first line of defence protecting resources from hackers. Social media, online money transfers, e-mail: every service that holds our information digitally requires a password to get in. So the password is what challenges the hacker trying to gain access. But when it comes to cyber, anything is possible, and accordingly this article describes the ways a password can be cracked.

Guessing:

Many users have an “easy to remember” mindset when creating a password (e.g. for a user login) and do not consider its security importance. If a password is easy for the user to remember, it is also easy for a hacker to guess. The ideas below are the usual starting points for guessing the passwords of unaware users.
· The word “password” used as the password.
· The password is the same as the user name, e.g. a router configuration with Username: admin and Password: admin.
· The user’s own name as the password.
· The user’s birthday or birthplace (or the birthday or birthplace of his/her relatives).
· Names of relatives.
· The pet’s name.
· Favourite things such as books, sentences, places, etc.
This guessing method is an efficient way to crack a password without using any automated program.

Note: If this works and the password is found, we can expect that such a user reuses the same password for the other areas he protects (he won’t use multiple passwords).

Dictionary Attacks:

The term explains itself: we find the user’s password by using a dictionary. But this dictionary is not an ordinary one; it is a program or list containing words suggested by password crackers. The suggested words may have numbers and symbols added at the end or at the beginning. A password cracker can also collect words from the user’s personal information (e.g. a nickname), and these need not be proper dictionary words. With this method the hacker or password cracker has to compare anywhere from a hundred to a million possibilities.
This method recovers the passwords of users who choose ordinary, common passwords (e.g. 123abc).

Note: Words differ between languages, so against a password in another language this method has a hard time guessing the password. A user who picks a word that is not in the dictionary, or who joins two words in the password, also makes it hard for this method to find the password.

Brute Force:

This method succeeds against short passwords. It checks every combination of characters (letters + symbols) for the password systematically, and because it checks them all it is considered a time-consuming approach; for long passwords it is unfortunately infeasible. Imagine guessing a 7-character password that contains only letters of the alphabet (capital or lower case): we would have to check 26 to the power 7 (26^7) combinations, which is 8031810176 guesses. The funny thing about this mechanism is that it is an infallible way to find the password, but you cannot be sure you will still be alive when it finally guesses it.

Note: The hacker/password cracker needs to know the length of the password before guessing the combinations (e.g. ATM card PIN numbers are 4 digits).

These are the methods that anyone can use generally and easily. There are further methods, such as rainbow tables, benchmarking and salts, used to crack passwords.

Bruce Schneier, an American cryptographer, listed the 20 most common passwords used by general users: “password1, abc123, myspace1, password, blink182, qwerty1, fuckyou, 123abc, baseball, football, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1 and monkey”. These common passwords made up nearly 5% of the passwords stolen by password crackers. Observing such common passwords tells us something about users’ creativity with passwords. But keep in mind that most users’ passwords always include real words, or something like real words, because, as I said before, they use passwords they can easily remember.
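As an added example (not code from the original post), the following Python models the three attacks above from the defender’s side: it sizes the brute-force keyspace the way the post does (26^7 for the seven-letter case), undoes the numbers-and-symbols padding a dictionary attack adds around a base word, and reports which attack a given password would fall to. The word list (built from the common passwords quoted above) and the rate of 10^9 guesses per second are constructed assumptions, not figures from the post.

```python
import re
import string

# Constructed stand-in for a cracker's word list: the common passwords quoted in
# the post plus a few base words. A real list would hold millions of entries.
COMMON_WORDS = {"password", "abc123", "qwerty", "baseball", "football", "monkey",
                "soccer", "princess", "superman", "iloveyou", "admin", "123456"}


def brute_force_keyspace(length, lowercase=True, uppercase=False,
                         digits=False, symbols=False):
    """Candidates a brute-force attack must cover for `length` characters drawn
    from the selected classes. The post's example is lowercase-only, length 7."""
    alphabet = (len(string.ascii_lowercase) * lowercase
                + len(string.ascii_uppercase) * uppercase
                + len(string.digits) * digits
                + len(string.punctuation) * symbols)
    return alphabet ** length


def dictionary_base_word(password):
    """Undo the 'numbers and symbols at the start or end' mangling the post
    describes and return the list word underneath, or None if there is none."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core if core in COMMON_WORDS else None


def check_password(password, guesses_per_second=1e9, min_hours=24.0):
    """Reasons the password is weak against the attacks in the post (empty list
    means it passed). guesses_per_second is an assumed offline cracking rate."""
    reasons = []
    if password.lower() in COMMON_WORDS:
        reasons.append("guessing: on the common-password list")
    base = dictionary_base_word(password)
    if base is not None and base != password.lower():
        reasons.append(f"dictionary: '{base}' with padding added")
    # Size the brute-force search using only the character classes present,
    # so the estimate is not inflated by classes the user never used.
    keyspace = brute_force_keyspace(
        len(password),
        lowercase=any(c in string.ascii_lowercase for c in password),
        uppercase=any(c in string.ascii_uppercase for c in password),
        digits=any(c in string.digits for c in password),
        symbols=any(c in string.punctuation for c in password),
    )
    hours = keyspace / guesses_per_second / 3600
    if hours < min_hours:
        reasons.append(f"brute force: whole keyspace searched in {hours:.2g} hours")
    return reasons
```

At the assumed rate the post’s 8031810176-guess lowercase keyspace is exhausted in about eight seconds, which is why the check treats a seven-letter password as brute-forceable even when it is not in any word list.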




©IT Today
