Ever curious how professionals and Hackers alike recover/crack/audit Passwords.? We can tell you how and what software they use and sources from the net where you can get it for free. This information will transform your outlook on the use of passwords for data protection in daily use. For example an eight letter alphanumeric password such as "spade938" takes only on average 3.7 seconds to crack. No unlawful activity is involved at any stage of learning to recover/audit/crack passwords.
What is password recovery/ cracking/ resetting/ auditing?
Password Cracking/Recovery: where a person has forgotten or lost his/password, software is used to automate the process of guessing the right "password".
Password Resetting - Where it is not necessary to recover the original forgotten/lost password, a person can chose to have the system disable the original password and ask for the new password to be set. This is what most commercially available Window's Administrator password resetting disks do.
Password Auditing. Auditing is checking the security of the password system (a computer network ) by running automated password guessing software. Essentially the software will reveal passwords in order of password strength. Password auditing is done with the same software used in cracking/recovery.
Password Cracking/ Recovering: the process starts with getting the password hashes. It is from password hashes that the password is recovered/cracked. What is a password hash?. Essentially password hash is 32 byte encrypted form of the password, stored by the system. When you set the password, the system takes your password and runs it through encryption algorithm to produce password hash which is then stored. Password recovery/cracking software essentially duplicates the original encryption process at lightening fast speed until it produces password hash that is identical to the password hash under examination for cracking/recovery. On a home computer up to 10 million tries per minute can be made to crack/recover a password. There are four automated password cracking/recovery techniques;
1.Dictionary attack: Password cracking software will run the entire dictionary through the password encryption algorithm to get the hashes to compare to the hashes of the "unknown" password. If the person has selected any word or slang found in the dictionary, it is not going to take an average home computer more than 10 minutes to crack/recover it. This is the thus the quickest of all techniques.
2.Hybrid attack: deals with passwords which are essentially words with numerals/symbols attached to either end of them i.e. hybrid of word and numbers, e.g. clever88, foolish01, pa$$word, 5ecurity etc. This too does not take more than 10 minutes or so to run through.
3.Brute force attack: if the password survived above two techniques, it will not survive the third i.e. brute force. Brute force will crack any password, if allowed sufficient time and computing power. Brute force essentially takes one character of the password at a time until it gets the whole password.
4.Brute force with precomputed hashes: As mentioned before, password cracking/recovery the software generates hashes to compare to the hashes of the unknown password. If you get the software to generate hashes in advance and then store them, you can make brute force technique lightening fast. For example an eight letter alphanumeric password such as "spade938" takes only on average 3.7 seconds to crack when subjected to brute force with precomputed hashes.
Password Recovery/ Resetting/ Auditing
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment