Oct 5, 2008

Cracking Password

Hello friends in the last post i gave you some knowledge about the passwords and in this post I am going to tell you some ways with the help of which you can easily crack password and became a password cracker.But all of this requires patience.

The most common method of password cracking is password guessing, although it requires a lot of luck, it can be successful sometimes.To start to guess the password, you first need to gather all kinds of info about the victim.(See the Guidelines of keeping a password for more details.)The most common and the most successful method of password cracking is the use of password crackers.Now what exactly are password crackers? Now to understand what a password cracker is and how it works, you first need to understand how a person is authenticated.

When you are creating a new account or registering or running the setup(basically whenever you create a new account by entering the Username and Password.) you might be asked for the Username and Password.The username is mostly stored in plain text, but the password that you enter is stored in an encrypted form.Now when you enter the password, it is passed through a predefined algorithm and is thus encrypted and is stored on the hard disk.

So next time when you use the account and enter the password, the text (password) you type is passed through the same algorithm and is compared with the earlier stored value.If they both match, the user is authenticated else the authentication fails.The algorithm that is used to encrypt the password is a one way algorithm, by that I mean that if we pass the encrypted password through the reverse algorithm, we will not get the original plain text password.

Lets take an example to make it more clear: Say your plain text password is xyz123 and it is passed through an algorithm and stored in the a file as 0101027AF. Now if you get his encrypted password and know the algorithm which xyz123 is passed through to get 0101027AF, you cannot reverse the algorithm to get xyz123 from 0101027AF.

When you are typing in your password, the computer does not display it in plaintext but instead shows only stars i.e. ******** so that if someone is shoulder surfing, he cannot find out the password.The text box has been programmed in such a way.On most forms Unix you will not even see the asterisk marks and the cursor will not move, so that neither does a person shoulder surfing, find out the password nor does he find out the length of the password.

Password Crackers are of two types-:
Brute Force and Dictionary Based.

Dictionary Based password Crackers try out all passwords from a given pre defined dictionary list to crack a password.These are faster but more often than not are unsuccessful and do not return the password.As they do not try out all combinations of possible keys, they are unable to crack those passwords which have symbols or numbers in between.

Brute Force Password Crackers try out all combinations of all keys which can be found in the keyboard (i.e. Symbols, Numbers, Alphabets) both Lower Case and Upper Case.These kinds of Password Crackers have a greater success rate but take a long time to crack the password.As they take all possible keys into consideration, they are more effective.Now that you know the two main types of password crackers lets see how they work.As passwords are encrypted by a one way algorithm, password crackers do not extract the password from the file but instead take the combination of letters, encrypt them by passing the characters through the original algorithm and compare this value with the stored encrypted value.If these two match, then the password cracker displays the password in plain text.

0 comments: