Background of Password cracking

To enhance the privacy of passwords, the stored password verification data is usually produced by applying a one-way function to the password, possibly in combination with other available information. For simplicity in this discussion, when the one-way function does not incorporate a secret key other than the password, we refer to the one-way function employed as a hash and to its output as a hashed password. Even though functions that produce hashed passwords may be cryptographically secure, possession of a hashed password provides a quick way to verify guesses for the password by applying the function to each guess and comparing the result with the verification data. The most commonly used hash functions can be computed rapidly, so the attacker can do this repeatedly with different guesses until a valid match is found, meaning the plaintext password has been recovered.

The term password cracking is usually limited to recovery of one or more plaintext passwords from hashed passwords. Password cracking requires that an attacker can gain access to a hashed password, either by reading the password verification database or by intercepting a hashed password sent over an open network, or has some other way to rapidly and without limit test whether a guessed password is correct. Without the hashed password, the attacker can still attempt access to the computer system in question with guessed passwords. However, well-designed systems limit the number of failed access attempts and can alert administrators to trace the source of the attack if that quota is exceeded. With the hashed password, the attacker can work undetected, and if the attacker has obtained several hashed passwords, the chances of cracking at least one are quite high. There are also many other ways of obtaining passwords illicitly, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, timing attacks, etc.
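The attempt limit and administrator alert described above can be sketched as follows. This is an added example, not code from the original article; the class name `LoginThrottle`, the quota of 5 failures per 300 seconds, and the choice of salted PBKDF2 as the one-way function are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed quota of failed attempts per account
WINDOW_SECONDS = 300    # assumed sliding window for counting failures


def hash_password(password, salt):
    # Assumed one-way function: salted PBKDF2-HMAC-SHA256 (the page names none).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_record(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


class LoginThrottle:
    """Limits failed logins per account and records an alert with the sources seen."""

    def __init__(self, verifier_db):
        self.verifier_db = verifier_db          # username -> (salt, stored hash)
        self.failures = defaultdict(deque)      # username -> deque of (time, source)
        self.alerts = []                        # (username, sorted list of sources)

    def _recent(self, user, now):
        q = self.failures[user]
        while q and now - q[0][0] > WINDOW_SECONDS:
            q.popleft()                         # drop failures outside the window
        return q

    def attempt(self, user, password, source, now):
        q = self._recent(user, now)
        if len(q) >= MAX_FAILURES:
            return "locked"                     # the guess is not evaluated at all
        salt, stored = self.verifier_db.get(user, (b"", b""))
        candidate = hash_password(password, salt)   # computed even for unknown users
        if stored and hmac.compare_digest(candidate, stored):
            q.clear()
            return "ok"
        q.append((now, source))
        if len(q) == MAX_FAILURES:              # quota just reached: alert once
            self.alerts.append((user, sorted({s for _, s in q})))
        return "denied"
```

While an account is locked, even the correct password is refused, so an online guesser gets at most five verifications per window; someone holding the hashed password faces no such limit.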

Cracking may be combined with other techniques. For example, use of a hash-based challenge-response authentication method for password verification may expose a hashed password to an eavesdropper, who can then crack the password. A number of stronger cryptographic protocols exist that do not expose hashed passwords during verification over a network, either by protecting them in transmission using a high-grade key or by using a zero-knowledge password proof.

Author: Edward Philips
