Sunday 21 August 2011

Types of password cracking attacks.

Today I will be blogging on how password cracking attacks work. There are three types: rainbow table attack (also called cryptanalysis attack), dictionary attack and brute force attack. Below is how each of them works.

Rainbow table attack: These use a table called a rainbow table. To understand this, we must first understand how a password works. Passwords go through an algorithm; in Windows it is the LM (LAN Manager) algorithm. The outcome is called a hash. These are 'one way' processes, so it is difficult to determine the actual password from the hash. When we type words in the password field, they go through the algorithm and the outcome is compared with the correct password's hash. If it matches, you are allowed access; if it does not, you are denied. Rainbow tables hold lots of precomputed hashes, and these are compared with hashes extracted from somewhere; in Windows it is the SAM database. By the way, hashes have to be EXTRACTED from the database, or the table cannot be compared with them. When a hash in the table matches an extracted hash, the table gives the plaintext that the hash was precomputed from. This plaintext is the password.

Pros: - Fast
      - Quite reliable

Cons: - Takes up lots of space, as in the table size.
      - Takes lots of resources and time to precompute the tables.
      - Limitation as to how long the actual password can be. In XP it is 12, if I'm not wrong, and in Vista and Windows 7 it should be 8.

Dictionary attacks: This attack is exactly what the name implies. It uses a wordlist full of commonly used passwords and it keeps on guessing until it gets the right password.

Pros: - Works on human psychology: most people will use a word from a dictionary as their password, so dictionary attacks will get their password easily.

Cons: - Not very fast, not very slow either.
      - Cracks only the weaker passwords.

Brute force attacks: These are the only attacks guaranteed to crack a password. The problem is that a brute force attack tries every single possible keyboard combination, so it is damn slow, unless your password is something like 'pas' or 'qpo', in which case you can set the number of letters/numbers. This is, personally, a nightmare for cracking passwords which are 7 to 8 letters/numbers long. If a password is really strong, it can take months or weeks or days to crack.

Pros: - Guaranteed to crack all passwords

Cons: - Too freakin slow
      - Lots of keyboard combinations, so cracking strong passwords would take a very, very long time.
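
As an added illustration (not part of the original post), the sketch below looks at the dictionary and brute force attacks described above from the defender's side: it checks whether a chosen password sits in a wordlist and how many keyboard combinations a brute force would have to cover. The wordlist, the guess rate and the function names are assumptions made up for this example.

```python
import string

# Constructed sample wordlist; a real audit would load a large common-password list.
WORDLIST = {"password", "letmein", "qwerty", "dragon", "monkey"}

# Assumed guess rate (guesses per second), for illustration only. Real rates
# depend on the hash algorithm and the attacker's hardware.
ASSUMED_GUESSES_PER_SEC = 1_000_000

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Size of the keyboard character classes the password draws from."""
    return sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))


def keyspace(password):
    """Candidates a brute force must cover: every length up to this one."""
    n = charset_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def assess(password, rate=ASSUMED_GUESSES_PER_SEC):
    """Report exposure to a dictionary guess and worst-case brute force time."""
    space = keyspace(password)
    return {
        "in_wordlist": password.lower() in WORDLIST,
        "keyspace": space,
        "worst_case_days": space / rate / 86400,
    }


if __name__ == "__main__":
    # Constructed sample passwords, from very weak to stronger.
    for pw in ("pas", "Password", "abc12345", "abc12345!X"):
        r = assess(pw)
        print(f"{pw!r:14} wordlist={r['in_wordlist']!s:5} "
              f"keyspace={r['keyspace']:.3e} days={r['worst_case_days']:.3g}")
```

Each extra character class or extra character multiplies the number of combinations, which is why the short lowercase 'pas' is covered almost instantly while longer mixed passwords push the worst case out by orders of magnitude.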



FOR ENQUIRIES ON PASSWORD ATTACKS PLEASE COMMENT, AND PLEASE DO CHECK OUT MY POST ABOUT PASSWORD CRACKING TOOLS, COMING OUT SOON!!!
