When it comes to cracking passwords using software, one of the first things you have to note is that passwords are never stored as plain text. This would be too easy a target and wouldn’t provide the necessary security. For this reason, a one-way hash function is applied. The most popular one-way function is based on DES and is known as crypt().
A salt value is normally added to the hash value in order to make the algorithm more complex, and thus more secure from hackers. Every hash value, including its salt value, is stored in a password file under the assumption that even if a hacker were to steal the file, they wouldn’t be able to understand the hashes.
When a genuine user wants to log into their account, they have to fill in their password. For the password to be authenticated, the hash of what they typed and the hash value previously stored on file must match. During this authentication process, the original salt value is extracted from the file, appended to whatever the user has typed in, and the whole string is sent through the one-way hash function. If the user inputs the correct password, the hashing function will generate an output that matches what was stored in the password file. This entire process is done without ever storing the password in plain text.
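The storage and verification flow described above, as an added example that is not code from the original article: a crypt-style record carries the salt and the hash together, and at login the salt is pulled back out of the record before the attempt is hashed. SHA-256 stands in for the DES-based crypt(), and the final comparison is done in constant time.

```python
import hashlib
import hmac
import os


def hash_password(password, salt):
    """One-way hash of salt + password, returned as a hex digest.
    SHA-256 is a stand-in for the DES-based crypt() discussed in the text."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def make_record(password, salt=None):
    """Build the stored record '$<salt-hex>$<hash>' as a password file would hold it.
    A fresh random salt is drawn when none is supplied."""
    if salt is None:
        salt = os.urandom(8)
    return "$%s$%s" % (salt.hex(), hash_password(password, salt))


def verify(record, attempt):
    """Login check: extract the salt from the stored record, hash the attempt with
    it and compare against the stored hash. The plaintext is never stored."""
    _, salt_hex, stored_hash = record.split("$")
    candidate = hash_password(attempt, bytes.fromhex(salt_hex))
    # compare_digest does not leak how many leading bytes matched via timing
    return hmac.compare_digest(candidate, stored_hash)


def demo():
    """Constructed sample: one password under two salts gives two different
    records, and each record accepts only the correct plaintext."""
    rec_a = make_record("hunter2", salt=bytes.fromhex("0102030405060708"))
    rec_b = make_record("hunter2", salt=bytes.fromhex("0807060504030201"))
    return {
        "same_password_different_hashes": rec_a != rec_b,
        "correct_password_accepted": verify(rec_a, "hunter2"),
        "wrong_password_rejected": not verify(rec_a, "hunter3"),
    }


if __name__ == "__main__":
    print(demo())
```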
Methods of cracking passwords
There are a number of ways to crack passwords. Some of them are old-fashioned yet surprisingly still effective. Then there are more advanced techniques that involve the use of computer programs.
- Guessing
This may seem a bit old-school and ineffective, but you would be surprised at just how effective it can be. There may be hundreds of advanced techniques, algorithms, and programs that can crack a password, but there are times when the simplest solution is all you need. Guessing involves using logic and trying commonly used passwords to get into a system.
The majority of users tend to view passwords as annoying and cumbersome. It is very difficult to remember different passwords for all your accounts and websites, so most simply opt for the low-hanging fruit. They choose passwords that are easy to remember and, therefore, easy to guess. Some of the most common passwords include:
- The word “password” itself.
- The user’s real name.
- The person’s username/ID.
- The name of a family member.
- Favorite food, color, holiday location.
- The name of pets.
- Birth dates.
The guessing method can sometimes be faster and more effective if the hacker knows the victim very well, or can get access to a lot of their personal information. Another thing to remember when hacking a password is that most people use one password for multiple accounts. Therefore, if you can correctly guess one password you will have a great chance of using it to access other accounts.
- Social Engineering
One of the most obvious ways to get a password is to simply ask for it. People can be very trusting at times depending on the situation that is presented to them. A hacker can call a user, pretend to be from the IT department, and inform them that they have a problem with their email system. The hacker then requests the user’s password in order to log in and help them fix the problem.
This kind of password-cracking method is made easier by the fact that the majority of companies list their employees and their contact details on their websites. Social media can also be a great way to glean information about the employees of a company.
- Shoulder Surfing
This may seem too easy, but looking over a person’s shoulder as they type in a password can also work as a hack. For this method to work, the hacker must blend into the environment and be very close to the intended target. It involves either looking at the screen as they log in or monitoring their keystrokes. If it is someone whom you work with in the office, simply walk up to him or her, ask them to log into their email or network, and watch as they type their password. You have to be discreet about this so that you don’t raise suspicion.
In some cases, a user may look around their desk for something that reminds them of their password. This could be an object or a picture. A strategically placed camera can be used for shoulder surfing, especially in public places like coffee shops.
- Dictionary Attacks
This is a method of hacking where a program runs through a list of words, trying each against the victim’s interface until the password is cracked. We know that it is mathematically impossible for a hash to be reversed. However, it is very much possible to take a list of plain-text dictionary words, hash each of them together with the salt value, and compare the result with the stored hash of the user’s password. If there is a match, the dictionary word that was used has to be the password.
Rudimentary password-cracking tools use a dictionary containing a list of common words. Tools that are more advanced tend to incorporate symbols and numbers into their dictionary words, usually at the start or the end of words. There are also some dictionary attack programs that are able to take a user’s personal profile and select the most relevant words to use to crack the password. These can include surnames and names of family members.
One of the biggest weaknesses of a dictionary attack is that the words that are used to populate the list are obtained from the user/victim. This is the only way the program will work. If the victim is poor at spelling, creates a password in a different language, or uses words that aren’t in the dictionary, the attack will fail.
Examples of programs that can be used to launch a dictionary attack include Cain and Abel, L0phtCrack, and John the Ripper.
- Brute Force Attacks
Fall back on this when all else fails. It is an inefficient method that involves systematically trying every single possible combination of words from a dictionary. Though it may work eventually, it simply takes too long. Your kids may grow up and get married before it finally works.
It is primarily used to crack short passwords of about 6 characters or less. Anything above 7 characters, even with advanced hardware, would not be feasible. A brute force attack also assumes that the hacker knows the number of characters in the password, as well as the case-sensitivity. For example, if the password in question had 7 uppercase alphabetical characters only, the program would have to make 8,031,810,176 (26^7) attempts.
For a crypt()-style password that uses only 8 characters, a hacker would have to contend with 95^8 possible inputs. In other words, you would have to guess the correct password from a possible 7 quadrillion combinations. The more characters that a user adds to their password, the greater the number of possible passwords a hacker has to deal with. The growth is exponential.
If you use a computer that makes 10,000 cracks every second, it would take you 22,875 years. Even if you were to get about 1000 computers to help you out, it would still take you an average of 22 years to crack the password.
On the other hand, if the possible passwords grow exponentially with every character that is added, then the opposite is also true. Removing characters from a password slashes the number of possible passwords exponentially. For example, if you want to brute force a password with four characters only, and assuming you have a machine that performs 10,000 cracks per second, it would take you about two hours to do so. The password does not even have to consist of dictionary words; a string such as g5T& will still be cracked very quickly.
One advantage of the brute force attack technique is that it ultimately will crack the password, regardless of how complex it is. The problem, as said before, is that nobody can predict how long this will take.
Examples of cracking programs that apply the brute force method include Oracle, Rarcrack, and John the Ripper.
- Rainbow Tables
This mode of attack is pre-computed, unlike dictionary and brute force methods where a hacker has to enter a password into the user’s system and then compare it to the original password. When using rainbow tables, hashes are first computed for every word in a dictionary and are then stored in a hash table. The attacker then retrieves the user’s hashed password from the system and compares it against the hashes stored in the table.
There are some assumptions that have to be made, namely that the hacker can retrieve the user’s hashed password, and that the algorithm used to hash the password is the same as the one used in the rainbow table. However, most low-security hashes tend to use SHA-1 and MD5, so use these algorithms for your rainbow tables.
The downside with this method is that the tables require a huge amount of storage space on your hard drive. Different salts produce different hashed passwords even for the same plaintext password, so every salt would need its own table. If a DES crypt() function is being used, the number of salt values would be 4,096, thus making rainbow tables not feasible even with a 4-character password. This is no longer as big a problem since memory is much cheaper nowadays, but the need for large storage space tends to discourage this method of cracking.
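Why per-user salts multiply the storage a precomputed table needs, as an added example that is not code from the original article: a constructed five-word list is hashed once into a lookup table, which answers an unsalted hash with a single lookup but is useless against a salted hash, where the whole list has to be re-hashed under the stored salt. SHA-256 stands in for crypt(), and the 4,096 figure is the DES crypt() salt space quoted in the text.

```python
import hashlib

# Constructed wordlist standing in for a cracking dictionary.
WORDLIST = ["password", "letmein", "welcome", "qwerty", "dragon"]
NUM_SALTS = 4096  # DES crypt() salt space described in the text


def hash_pw(password, salt=""):
    """SHA-256 of salt + password (stand-in for the one-way function)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def build_table(salt=""):
    """Precompute hash -> word for one salt value. With salt == "" this is the
    unsalted table a rainbow-table style attack keeps on disk."""
    return {hash_pw(w, salt): w for w in WORDLIST}


def lookup_unsalted(table, stored_hash):
    """A single lookup answers an unsalted hash: no hashing at lookup time."""
    return table.get(stored_hash)


def salted_search(stored_salt, stored_hash):
    """Against a salted hash the precomputed table is useless; the dictionary
    must be re-hashed under the stored salt. Returns (word or None, hashes done)."""
    work = 0
    for w in WORDLIST:
        work += 1
        if hash_pw(w, stored_salt) == stored_hash:
            return w, work
    return None, work


def table_entries_needed(words, salts=NUM_SALTS):
    """Entries a precomputed table needs to cover every salt: one table per salt."""
    return words * salts


def demo():
    """Constructed victim: the word 'welcome', stored once unsalted, once salted."""
    unsalted_table = build_table()
    victim_unsalted = hash_pw("welcome")
    victim_salt, victim_salted = "k9", hash_pw("welcome", "k9")
    return {
        "unsalted_lookup": lookup_unsalted(unsalted_table, victim_unsalted),
        "salted_in_unsalted_table": lookup_unsalted(unsalted_table, victim_salted),
        "salted_search": salted_search(victim_salt, victim_salted),
        "entries_for_all_salts": table_entries_needed(len(WORDLIST)),
    }
```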
Examples of some programs that apply rainbow tables include Rainbow Crack and OphCrack.
- Password Probability Matrix
In technological circles, it is accepted that there will always be a trade-off between storage space and computational power. For example, mp3 files require very little storage space for a high-quality music file, but that simply increases the need for greater computational power. Your regular calculator, on the other hand, requires very little computational power because it contains a pre-computed lookup table that stores functions.
A password probability matrix works by trying to find the right balance between power and space, in order to reduce the time that a brute force attack would take to crack a password. In other words, both the time and the storage space required must be reasonable. Unfortunately, you will still have to deal with salts. However, this problem can be mitigated by minimizing the amount of storage space required without compromising the space needed for the 4,096 possible salts in crypt() password hashes.
The downside to using a probability matrix is that it takes a very long time to create the matrix itself. In fact, this would take as much time as running a brute force attack. The salts would also still pose a problem for a hacker.