![Assignment/ID:26s1368
2
Introduction
Passwords are a system
designed to provide
authentication. There are
many different ways to
authenticate users of a
system: a user can present a
physical object like a key
card, prove identity using a
personal characteristic like a
fingerprint, or use something
that only the user knows.
In contrast to the other approaches listed, a primary benefit of using authentication
through a password is that in the event that your password becomes compromised it
can be easily changed. This report will discuss what password cracking is, techniques
for password cracking when an attacker has the ability to attempt to log in to the
system using a user name and password pair, techniques for when an attacker has
access to however passwords are stored on the system, attacks involve observing
password entry in some way and finally how graphical passwords and graphical
password cracks work. Figure 1: The flow of password attacking possibilities.
Figure 1 show some scenarios attempts at password cracking can occur. The attacker
can gain access to a machine through physical or remote access. The user could
attempt to try each possible password or likely password (a form of dictionary attack).
If the attack can gain access to hashes of the passwords it is possible to use software
like OphCrack which utilizes Rainbow Tables to crack passwords[1].
A spammer may use dictionary attacks to gain access to bank accounts or other 1 web
services as well. Wireless protocols are vulnerable to some password cracking
techniques when packet sniffers are able to gain initialization packets.
A password is the secret word or phrase that is used for the authentication process in
various applications. It is used to gain access to accounts and resources. A password
protects our accounts or resources from unauthorized access.
In this report I'm going to discuss:](https://image.slidesharecdn.com/pswd-171224201046/85/Password-Cracking-2-320.jpg)
Password Cracking
- 1. Assignment/ID:26s1368 1 Done by : Hajer Mohammed said Alriyami Submit to: Ms.Kalivani Password cracking
- 2. Assignment/ID:26s1368 2 Introduction Passwords are a system designed to provide authentication. There are many different ways to authenticate users of a system: a user can present a physical object like a key card, prove identity using a personal characteristic like a fingerprint, or use something that only the user knows. In contrast to the other approaches listed, a primary benefit of using authentication through a password is that in the event that your password becomes compromised it can be easily changed. This report will discuss what password cracking is, techniques for password cracking when an attacker has the ability to attempt to log in to the system using a user name and password pair, techniques for when an attacker has access to however passwords are stored on the system, attacks involve observing password entry in some way and finally how graphical passwords and graphical password cracks work. Figure 1: The flow of password attacking possibilities. Figure 1 show some scenarios attempts at password cracking can occur. The attacker can gain access to a machine through physical or remote access. The user could attempt to try each possible password or likely password (a form of dictionary attack). If the attack can gain access to hashes of the passwords it is possible to use software like OphCrack which utilizes Rainbow Tables to crack passwords[1]. A spammer may use dictionary attacks to gain access to bank accounts or other 1 web services as well. Wireless protocols are vulnerable to some password cracking techniques when packet sniffers are able to gain initialization packets. A password is the secret word or phrase that is used for the authentication process in various applications. It is used to gain access to accounts and resources. A password protects our accounts or resources from unauthorized access. In this report I'm going to discuss:
- 3. Assignment/ID:26s1368 3 What is Password Cracking? Password cracking is the process of guessing or recovering a password from stored locations or from data transmission system. It is used to get a password for unauthorized access or to recover a forgotten password. In penetration testing, it is used to check the security of an application. In recent years, computer programmers have been trying to create algorithms for password cracking in less time. Most of the password cracking tools try to login with every possible combination of words. If login is successful, it means the password was found. If the password is strong enough with a combination of numbers, characters and special characters, this cracking method may take hours to weeks or months. A few password cracking tools use a dictionary that contains passwords. These tools are totally dependent on the dictionary, so success rate is lower. In the past few years, programmers have developed many password cracking tools. Every tool has its own advantages and disadvantages. In this report, I`m covering a few of the most popular password cracking tools. So, the question is: How to create a password that is hard to crack In this report, I have listed 10 password cracking tools. These tools try to crack passwords with different password cracking algorithms. Most of the passwords cracking tools are available for free. So, you should always try to have a strong password that is hard to crack by these password cracking tools. These are few tips you can try while creating a password. The longer the password, the harder it is to crack: Password length is the most important factor. If you select a small password, password cracking tools can easily crack it by using few words combinations. A longer password will take a longer time in guessing. You’re your password at least 8 characters long. Always use a combination of characters, numbers and special characters: This is another thing which makes passwords hard to crack. Password cracking tools try the combination of one by one. Have a combination of small characters, capital letters, and special characters. Suppose if you have only numbers in your password. Password cracking tools only need to guess numbers from 0-9. Here only length matters. But having a password combination of a-z, A-Z, 0-9 and other special characters with a good length will make it harder to crack. This kind of password sometimes takes weeks to crack.
- 4. Assignment/ID:26s1368 4 Variety in passwords: One important thing you must always take care. Never use same password everywhere. Cyber criminals can steal passwords from one website and then try it on other websites too. In case you are not sure about the strength of your password, you can check it from variety of online tools available for free. Try this official Microsoft Tool for checking the password strength. What to avoid while selecting your password? There are a few things which were very common a few years back and still exist. Most of the password cracking tools starts from there. Passwords that fall into this category are most easy to crack. These are the few password mistakes which you should avoid: Never use a dictionary word Avoid using your pet’s name, parent name, your phone number, driver’s license number or anything which is easy to guess. Avoid using passwords with sequence or repeated characters: For Ex: 1111111, 12345678 or qwerty, asdfgh. Avoid using passwords that fall in worst password list. Every year, data analysis companies publish the list of worst passwords of the year from analyzing the leaked password data. The top 11 worst passwords of 2012: password 123456 12345678 abc123 qwerty monkey letmein dragon 111111 baseball iloveyou The Art and Science of Password cracking is the vast majority of systems, today authenticate users with a static password. When user logs in, the password is transmitted which checks the password to make the decision whether to let the user log in. To make this decision, the system must have a mechanism to compare the input with the actual password. Of course, the system could just store all of the passwords locally and compare from this file. Such a file of passwords, however, would provide a very juicy target for an attacker. To make the target less useful for attackers, most modern operating systems use a one-way hash or encryption mechanism to protect the stored passwords. When a user types in a password, the system hashes the user's entry and compares it to the stored hash. If the two hashes match, the password is correct and the user can login.
- 5. Assignment/ID:26s1368 5 Password cracking tools are used to attack this method of password protection. An attacker will use some exploit (often a buffer overflow) to gather the encrypted or hashed password file from a system (on a UNDK system without password shadowing, any user can read the hashed password file). After downloading the hashed password file, the attacker uses a password cracking tool to determine users' passwords. The cracking tool operates using a loop: it guesses a password, hashes or encrypts the password, and compares it to the hashed password from the stolen file. If the hashes match, the attacker has the password. If the hashes do not match, the loop begins again with another password guess. Password cracking tools base their password guesses on a dictionary or a complete brute-force attack, attempting every possible password. What we need? Password Cracking Defenses The first defense against password cracking is to minimize the exposure of the encrypted hashed password file. To ensure that passwords are secure and to identify weak passwords, security practitioners should check system passwords on a periodic basis using password cracking tools. When weak passwords are discovered, the security group should have a defined procedure for interacting with users whose passwords can guessed Finally, several software packages are available that prevent users from setting their passwords to easily guessed values. When a user establishes a new password, these filtering programs check the password to make sure that it is sufficiently complex and is not just a variation of the user name or a dictionary word. With this kind of tool, users are simply unable to create passwords that are easily guessed, eliminating a significant security issue. For filtering software to be effective, it must be installed on all servers where users establish passwords, including UNIX servers, Windows NT Primary and Back-up Domain Controllers, and Novell have developed many password cracking tools.Programmers in the past few years Every tool has its own advantages and disadvantages. In this report, I provide you some of the most popular password cracking tools. Brutus1. AbelandCain2. RainbowCrack3. RippertheJohn4. Wfuzz5. NGrackAirC6.
- 6. Assignment/ID:26s1368 6 HydraTHC7. Medusa8. L0phtCrack9. OphCrack10. Here we chooseone toolfor password cracking: FolderLock What is? Folder Lock lets you password-protectfiles,folders and drives; encrypt your important files on-the-fly; backup them in real-time; protect portable drives; shred files & drives and clean history. It is the most downloadedfile-securityapplication with more than 45 million users. It works on 32-bit and 64-bit Windows 10, 8, 7, Vista, XP. – Lock folders in seconds – Encrypt files on-the-fly – Sync & Backup Encryptedfiles – Password-protectUSB/ExternalDrive – Shred and permanently delete files – Clean Windows History – Stealth Mode – Save Wallets / Cards / Passwords Secure Backup! Keep your encrypted lockers backed up and synced on a dedicated secure cloud server. End to End Encrypted Backup On Demand Syncing & Restore Automatic Backup on modify
- 7. Assignment/ID:26s1368 7 FolderLock Folder Lock can Lock and Hide files and folders within seconds. It enables you to Password Protect and restricts the unwanted eyes from viewing files, folders and drives. Once you’ve locked a folder, it will be hidden from its previous location and can only be accessed through the software interface. Encrypt your Files Folder Lock creates Lockers. Just as you would put your money in a safe, would you like to keep your files in a digital ‘Locker’ that’s safer than a bank’s vault? You can create ‘Locker(s)’ which are protected by AES 256-bit encryption. You need not encrypt or decrypt files when accessing; simply copy them to Locker and voila! They are encrypted on-the-fly. Secure Backup Folder Lock offers a 2-way encryption and backup method, letting you backup your encrypted ‘Lockers’ online. This feature lets you to create a password protected backup of your Lockers so that the information is not only secured from prying eyes but is protected from loss or damage. If your PC gets stolen or data gets deleted, simply recover your data back from your online account.
- 8. Assignment/ID:26s1368 8 Protect USB You can also keep your Lockers in portable devices including USB and External drives. Folder Lock converts these Lockers in executable files so that you don’t need to install Folder Lock every time you want to access your secured files. You can also burn them to CDs/DVDs and create password-protected zips for email attachments. Password Wallets Folder Lock lets you create digital Wallets to protect the confidential informationyou use on regular basis – information such as banking details, credit cards, transactions,ATM pin and much more. You can create as many cards as you want in these Wallets. They are encrypted when saved. Shred Files Simply deleting your files is no guarantee that you files cannot be recovered. Shredding your files deletes your files permanently from your hard disk in such a way that even file recovery software cannot recover them again. Folder Locknot only helps you to Shred Files, it also lets you shred the empty drive space so that no matter what files were deleted previously, gets shredded as well.
- 9. Assignment/ID:26s1368 9 Conclusion I`ve reported many things; including the definition of password cracking, reasons for cracking and the techniques for protecting your data from being hacking. I used folder lock tool which is one method to safeguard your information. Reference http://resources.infosecinstitute.com Information Security Management Handbook, Fifth Edition Hackers Beware Book https://www.techworm.net https://www2.cs.arizona.edu http://www.newsoftwares.net