kunoichi

A very brief guide to password cracking

In Cryptography, Hacking, Security on February 19, 2007 at 12:32 pm

We all understand the need to protect our private documents, accounts and files with strong passwords. But what can you do if you forget your pass phrase and can’t decrypt the file? Or perhaps your friend needs your expertise to crack that password for them…

In this brief guide, I’ll explain the concepts of password cracking and point you in the direction of sites and downloads which may be of help in such situations.

Disclaimer: the methods I describe below are intended for personal use only. I will not be held responsible for your actions if you use this information for illegitimate ends…

There are three main methods of password cracking:

Guessing
Dictionary attacks
Brute force attacks

All three are similar in that an attacker goes through a list of candidate passwords one by one; the list may be explicitly or implicitly defined, may or may not incorporate knowledge about the victim (e.g.: date of birth, children’s names, etc), and may or may not be linguistically derived (a word found in a dictionary.).

Guessing

This is usually the first method a cracker would use, particularly if they suspect the password user is not knowledgeable about password security, and is likely to use a weak password. Its implementation should be self-explanatory.

Dictionary attack

A dictionary attack is simply a more methodical method of guessing a password! This kind of attack exploits peoples’ tendency to choose weak passwords, particularly words in a dictionary or computer handbook. Programs used to perform a dictionary attack will come equipped with lists of thousands (or even millions) of words and short phrases, and check these lists against the password until the correct word/phrase is realised. Such “password lists” would include:

Names
Countries, cities and places
Words in various languages
Jargon/terminology
Commonly used passwords/phrases

Brute force attack

This is commonly known as the “last resort”. It involves checking every possible combination (passwords and phrases, simple or modified) with a “mask”: a special character, capital letter, alpha-numeric characters, etc.

In theory, a brute force attack will always be successful since the rules for acceptable passwords must be publicly known. However, the length of time it will take to perform a brute force attack increases with the length and complexity of the password. For example, the difference in time to crack a 21 digit alpha-numeric encrypted password with special characters and capitalisation, and a simple 6 digit encrypted password could be as much as 20 years, even on a powerful computer!

There is no better incentive than this for the use of strong passwords…

More information

The following sites offer great information on the subject of password cracking:

Azio’s computer log
Darknet
PassCracking.com

Downloads

Here are some useful “password recovery” tools for you to download:

Brutus: a famous password cracker for many protocols.

Cain and Abel: A password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

John the Ripper: Available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords.

Kunoichi Tags: , , ,

Technorati Tags: , , , ,

Advertisements
  1. i downloaded caoin and abel and i cant figure it out at all i dont understand the ling even with theglossery, i want to crack a sympatio password

  2. Very well! Your site is neat! Visit my sites, please:

  3. One of the best locations I’ve come across lately!!! Definately a permanent bookmark! Please visit my homepage too:

  4. Your site looks great! Visit my sites, please:

  5. Thanks for your great site! Would you please also visit my site?

  6. The site looks great ! Thanks for all your help ( past, present and future !)

  7. Hi My Name Is ivatqu.

  8. there’s this book called the hackers black book and i don’t want to pay for it. i tried downloading it on limewire but it didn’t work.CAN SOMEONE SEND A COPY OF THE HACKERS BLACK BOOK my email address is adviseboy@yahoo.co.uk

  9. please tell me if there are any programs i can use to check another persons email ifi suspeact my partner of cheating on me with this person i would be very greatful

  10. please if you have any information email me at figgkid@hotmail.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: