Password cracking

From ArticleWorld


Password cracking is the process of recovering a secret password from data that is stored or transmitted by a computer system. It is not necessarily a malicious action: system administrators often do it themselves, either to check for passwords that are easy to crack or to help a user who has lost his password.

Why crack?

Passwords stored on computer systems are normally kept in an encrypted, one-way form: it is easy to encrypt a candidate text in the same way and compare the result to the stored value, but hard to decrypt the stored value back into the password. Obtaining the password therefore involves a cryptographic process. It is usually done by working from the hashed passwords (i.e. the stored, already encrypted passwords, which the cracker tries to recover), although an attacker may also simply try to guess a password, which is harder for him. Other ways of obtaining a password, such as keystroke logging or social engineering, are not usually considered password cracking, as they do not involve any kind of guessing.

Attack methods

There are several attack methods available, depending on the weakness they target. The most important are:

  • Attack against weakly-encrypted passwords. If the system uses a weak encryption function, the password may be easier to decrypt. This is why most schemes use one-way hashes (like MD5), which are practically impossible to invert: although they can in theory be inverted, doing so would take too long to compute.
  • Attack against badly chosen passwords. There are obvious choices that users make, neglecting the security risk: passwords such as the user's real name or username, his date of birth or the name of a spouse, which can at times be exploited.
  • Dictionary attack. A dictionary attack uses a password dictionary and works when the encryption scheme used by the system is known: every word in the dictionary is encrypted and compared to the stored password, in the hope that one of them will match.
  • Precomputation attack. This is also based on a dictionary, but instead of encrypting words as they are tried, the words are encrypted in advance and the dictionary consists of entries of the form <plain_text_password, encrypted_password>. This makes password recovery extremely quick. It can however be avoided with the salt technique: when a user sets up a new password, a short string is added to the end of the password before encryption and stored alongside the password for later verification.
  • Brute force attack. This generates every possible combination up to a known password length. On its own it is rarely successful, although some smart brute force crackers do exist, relying on some general knowledge of the way passwords are chosen.
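The dictionary and precomputation attacks above, and the salt technique that defeats precomputation, as an added Python example that is not part of the original article. It uses a small constructed wordlist, MD5 for the unsalted scheme (as the article names it) and SHA-256 with a random per-user salt for the salted scheme; the `audit_record` function is the administrator-side check the article mentions, re-hashing each dictionary word with the record's own salt, which is why a shared precomputed table no longer helps.

```python
import hashlib
import os
from typing import Dict, List, Optional

# Constructed sample wordlist standing in for a password dictionary.
WORDLIST: List[str] = ["password", "letmein", "qwerty", "alice1990", "summer2023"]


def unsalted_hash(password: str) -> str:
    """Unsalted one-way hash (MD5, as named in the article). Every user with the
    same password gets the same value, so one precomputed table covers them all."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words: List[str]) -> Dict[str, str]:
    """Precomputation attack: a table of <encrypted_password -> plain_text_password>
    built once, then consulted with a single lookup per stored hash."""
    return {unsalted_hash(w): w for w in words}


def salted_hash(password: str, salt: bytes) -> str:
    """Salt technique: a short random string is appended to the password before hashing."""
    return hashlib.sha256(password.encode() + salt).hexdigest()


def new_password_record(password: str) -> Dict[str, str]:
    """What the system stores when a user sets a password: the salt alongside the hash."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": salted_hash(password, salt)}


def verify(record: Dict[str, str], candidate: str) -> bool:
    """Login check: re-hash the candidate with the stored salt and compare."""
    return salted_hash(candidate, bytes.fromhex(record["salt"])) == record["hash"]


def audit_record(record: Dict[str, str], words: List[str]) -> Optional[str]:
    """Administrator check for an easily cracked password: a dictionary attack against
    one salted record. Each word must be re-hashed with this record's salt, so the
    work cannot be shared across users or done in advance."""
    salt = bytes.fromhex(record["salt"])
    for w in words:
        if salted_hash(w, salt) == record["hash"]:
            return w
    return None
```

MD5 and SHA-256 are used here only to illustrate the schemes the article describes; a deployment should store passwords with a deliberately slow password hash such as bcrypt, scrypt or Argon2, which also builds in the salt.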