Password cracking refers to various measures used to discover computer passwords. This is usually accomplished by recovering passwords from data stored in, or transported from, a computer system. Password cracking is done by either repeatedly guessing the password, usually through a computer algorithm in which the computer tries numerous combinations until the password is successfully discovered.
Authentication can be based on the following factor:
• Something you know
• Something you have
• Who you are
Types of password attacks:
- Offline Attack: Means the file or system is available locally for an attack. It might have been downloaded from the Internet, but the attack itself is happening offline.
- Online Attack: Means a hacker must attack your password through some kind of Internet-based authentication system, like a Web login form.
- Dictionary Attacks: In essence these are word-based brute force attacks, with the hacker testing possibilities from a likely set of words to start, then progressing systematically through the dictionary if necessary. The initial “dictionary” may be compiled from a knowledge of the most common passwords
- Key Logger Attacks: Key Logger Attacks use the technique of malware whereby the hacker sneaks malicious code onto a user’s machine through various methods – infected email attachments, “drive-by downloads” from spoofed websites, etc.
Tools for cracking password
I. Offline:
- Rainbowcrack
- John the Ripper
- Wyd
- Crunch
II. Online:
- Hydra
- Wireshark
- TCPdump
- BruteSSH
How to avoid password attack?
- Long and complex password
- Enable account lockouts
- Change password regularly
- Give additional protection to highly privileged accounts.
- Rename highly privileged accounts.