So yea, I was talking to one of my best-mates on the phone, he appreciated for the articles I put on here, and that too regularly maintaining a blog like this is hard for some people, but I did it. Then when I asked him about some suggestions, like if there’s any way that I can make it better, or just any suggestions on what should be my next article about, he gave me this beginner-friendly topic that others could understand easily. Thanks pal, and let’s get on with — PASSWORD CRACKING!!!

What is Password Cracking?

Password cracking is the process of attempting to gain unauthorized access to restricted systems using common passwords or algorithms that guess passwords. In other words, it’s an art of obtaining the correct password that gives access to a system protected by an authentication method.

Password cracking techniques

There are a number of techniques that can be used to crack passwords. The most commonly used are:

  • Brute force attack — This method is similar to the dictionary attack. Brute force attacks use algorithms that combine alpha-numeric characters and symbols to come up with passwords for the attack.
  • Rainbow table attack — This method uses pre-computed hashes. Let’s assume that we have a database which stores passwords as md5 hashes. We can create another database that has md5 hashes of commonly used passwords. We can then compare the password hash we have against the stored hashes in the database. If a match is found, then we have the password.
  • Guess — As the name suggests, this method involves guessing. Passwords such as qwerty, password, admin, etc. are commonly used or set as default passwords. If they have not been changed or if the user is careless when selecting passwords, then they can be easily compromised.
  • Spidering — Most organizations use passwords that contain company information. This information can be found on company websites, social media such as Facebook, twitter, etc. Spidering gathers information from these sources to come up with word lists. The word list is then used to perform dictionary and brute force attacks.

Password cracking tool

These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths.

Counter Measures

  • An organization can use the following methods to reduce the chances of the passwords been cracked
  • Avoid short and easily predicable passwords
  • Avoid using passwords with predictable patterns such as 11552266.
  • Passwords stored in the database must always be encrypted. For md5 encryptions, its better to salt the password hashes before storing them. Salting involves adding some word to the provided password before creating the hash.
  • Most registration systems have password strength indicators, organizations must adopt policies that favor high password strength numbers.

Nehh, just a n00b

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store