Password cracking is the process of guessing or recovering passwords to gain unauthorized access. The document discusses password cracking techniques such as dictionary attacks and discusses how passwords can be protected. It then analyzes the password cracking tool Folder Lock, which can lock and encrypt files and folders, backup encrypted files to the cloud, and permanently delete files through shredding. In conclusion, the document covered password cracking definitions, techniques, and protections as well as analyzed the password cracking tool Folder Lock.
2. Assignment/ID:26s1368
Introduction
Passwords are a system designed to provide authentication. There are many different ways to authenticate users of a system: a user can present a physical object like a key card, prove identity using a personal characteristic like a fingerprint, or use something that only the user knows.
In contrast to the other approaches listed, a primary benefit of authentication through a password is that if your password becomes compromised, it can easily be changed. This report will discuss what password cracking is, techniques for password cracking when an attacker can attempt to log in to the system using a user name and password pair, techniques for when an attacker has access to however passwords are stored on the system, attacks that involve observing password entry in some way, and finally how graphical passwords and graphical password cracks work.
Figure 1: The flow of password attacking possibilities.
Figure 1 shows some scenarios in which attempts at password cracking can occur. The attacker can gain access to a machine through physical or remote access. The user could attempt to try each possible password or likely password (a form of dictionary attack). If the attacker can gain access to hashes of the passwords, it is possible to use software like OphCrack, which utilizes Rainbow Tables to crack passwords [1].
A spammer may use dictionary attacks to gain access to bank accounts or other web services as well. Wireless protocols are vulnerable to some password cracking techniques when packet sniffers are able to capture initialization packets.
A password is the secret word or phrase that is used for the authentication process in
various applications. It is used to gain access to accounts and resources. A password
protects our accounts or resources from unauthorized access.
In this report I'm going to discuss:
What is Password Cracking?
Password cracking is the process of guessing or recovering a password from stored
locations or from a data transmission system. It is used to get a password for
unauthorized access or to recover a forgotten password. In penetration testing, it is
used to check the security of an application.
In recent years, computer programmers have been trying to create algorithms for
password cracking in less time. Most of the password cracking tools try to login with
every possible combination of words. If login is successful, it means the password
was found. If the password is strong enough with a combination of numbers,
characters and special characters, this cracking method may take hours to weeks or
months. A few password cracking tools use a dictionary that contains passwords.
These tools are totally dependent on the dictionary, so success rate is lower.
In the past few years, programmers have developed many password cracking tools.
Every tool has its own advantages and disadvantages. In this report, I'm covering a
few of the most popular password cracking tools.
So, the question is:
How to create a password that is hard to crack
In this report, I have listed 10 password cracking tools. These tools try to crack
passwords with different password cracking algorithms. Most of the password
cracking tools are available for free. So, you should always try to have a strong
password that is hard to crack with these password cracking tools. These are a few tips
you can try while creating a password.
The longer the password, the harder it is to crack:
Password length is the most important factor. If you select a short password,
password cracking tools can easily crack it by trying a few word combinations. A
longer password will take longer to guess. Make your password at least 8
characters long.
Always use a combination of characters, numbers and special characters:
This is another thing that makes passwords hard to crack. Password cracking tools
try combinations one by one. Use a combination of lowercase letters, capital
letters, and special characters. Suppose you have only numbers in your password:
password cracking tools then only need to guess digits from 0-9, and only length
matters. But a password that combines a-z, A-Z, 0-9 and other special
characters with a good length will be harder to crack. This kind of password
sometimes takes weeks to crack.
Variety in passwords:
One important thing you must always take care of: never use the same password
everywhere. Cyber criminals can steal passwords from one website and then try them on
other websites too.
In case you are not sure about the strength of your password, you can check it with
a variety of online tools available for free. Try this official Microsoft Tool for checking
the password strength.
What to avoid while selecting your password?
There are a few things which were very common a few years back and still exist.
Most of the password cracking tools start from there. Passwords that fall into this
category are the easiest to crack. These are a few password mistakes which you
should avoid:
– Never use a dictionary word.
– Avoid using your pet's name, parent's name, your phone number, driver's license number or anything which is easy to guess.
– Avoid using passwords with sequences or repeated characters, for example 1111111, 12345678 or qwerty, asdfgh.
– Avoid using passwords that fall in the worst password list. Every year, data analysis companies publish the list of worst passwords of the year from analyzing the leaked password data.
The top 11 worst passwords of 2012:
password
123456
12345678
abc123
qwerty
monkey
letmein
dragon
111111
baseball
iloveyou
The Art and Science of Password Cracking
The vast majority of systems today authenticate users with a static password. When a user
logs in, the password is transmitted to the system, which checks the password to decide
whether to let the user log in. To make this decision, the system must have a mechanism
to compare the input with the actual password. Of course, the system could just store all
of the passwords locally and compare against this file. Such a file of passwords, however,
would provide a very juicy target for an attacker.
To make the target less useful for attackers, most modern operating systems use a
one-way hash or encryption mechanism to protect the stored passwords. When a user
types in a password, the system hashes the user's entry and compares it to the stored
hash. If the two hashes match, the password is correct and the user can login.
Password cracking tools are used to attack this method of password protection. An
attacker will use some exploit (often a buffer overflow) to gather the encrypted or
hashed password file from a system (on a UNIX system without password
shadowing, any user can read the hashed password file). After downloading the
hashed password file, the attacker uses a password cracking tool to determine users'
passwords. The cracking tool operates using a loop: it guesses a password, hashes or
encrypts the password, and compares it to the hashed password from the stolen file. If
the hashes match, the attacker has the password. If the hashes do not match, the loop
begins again with another password guess. Password cracking tools base their
password guesses on a dictionary or a complete brute-force attack, attempting every
possible password.
What we need?
Password Cracking Defenses
The first defense against password cracking is to minimize the exposure of the
encrypted hashed password file.
To ensure that passwords are secure and to identify weak passwords, security
practitioners should check system passwords on a periodic basis using password
cracking tools. When weak passwords are discovered, the security group should have
a defined procedure for interacting with users whose passwords can be guessed. Finally,
several software packages are available that prevent users from setting their
passwords to easily guessed values. When a user establishes a new password, these
filtering programs check the password to make sure that it is sufficiently complex and
is not just a variation of the user name or a dictionary word. With this kind of tool,
users are simply unable to create passwords that are easily guessed, eliminating a
significant security issue. For filtering software to be effective, it must be installed on
all servers where users establish passwords, including UNIX servers, Windows NT
Primary and Back-up Domain Controllers, and Novell
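
One way such a filtering program can work, as an added example rather than code from any of the packages mentioned: it applies the rules from the "What to avoid" list and the length and character-mix tips earlier in this report. The word list is a constructed sample, and the function names and the three-class threshold are assumptions.

```python
import re

# Constructed sample list: the report's worst-password list plus two dictionary words.
WORDS = {"password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
         "dragon", "111111", "baseball", "iloveyou", "welcome", "summer"}
# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")
# Digit, alphabet and keyboard-row sequences (checked forwards and backwards).
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_run(password: str, n: int = 4) -> bool:
    """True if the password has n repeated or n sequential characters."""
    low = password.lower()
    if re.search(r"(.)\1{%d,}" % (n - 1), low):
        return True
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + n] in low for i in range(len(s) - n + 1)):
                return True
    return False


def check_password(password: str, username: str, min_length: int = 8) -> list:
    """Return the reasons a new password is rejected (empty list = accepted)."""
    problems = []
    low = password.lower()
    # Strip leading/trailing digits and symbols so "P@ssw0rd1!" reduces to its core.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    forms = {low, core, low.translate(LEET), core.translate(LEET)}
    if len(password) < min_length:
        problems.append("too short")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:  # assumed threshold, not a value from the report
        problems.append("fewer than 3 character classes")
    user = username.lower()
    if user and any(user in f or user[::-1] in f for f in forms):
        problems.append("based on user name")
    if forms & WORDS:
        problems.append("dictionary or worst-list word")
    if has_run(password):
        problems.append("sequence or repeated characters")
    return problems
```

A password such as "P@ssw0rd1!" passes the length and character-mix rules yet is still rejected, because undoing the substitutions and stripping the suffix leaves a word from the list.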
Programmers in the past few years have developed many password cracking tools.
Every tool has its own advantages and disadvantages. In this report, I list
some of the most popular password cracking tools.
1. Brutus
2. Cain and Abel
3. RainbowCrack
4. John the Ripper
5. Wfuzz
6. Aircrack-NG
7. THC Hydra
8. Medusa
9. L0phtCrack
10. OphCrack
Here we choose one tool for password cracking:
Folder Lock
What is?
Folder Lock lets you password-protect files, folders and drives; encrypt your important files on-the-fly; back them up in real-time; protect portable drives; shred files & drives and clean history. It is the most downloaded file-security application with more than 45 million users. It works on 32-bit and 64-bit Windows 10, 8, 7, Vista, XP.
– Lock folders in seconds
– Encrypt files on-the-fly
– Sync & Backup Encrypted files
– Password-protect USB/External Drive
– Shred and permanently delete files
– Clean Windows History
– Stealth Mode
– Save Wallets / Cards / Passwords
Secure Backup!
Keep your encrypted lockers backed up and synced on
a dedicated secure cloud server.
End to End Encrypted Backup
On Demand Syncing & Restore
Automatic Backup on modify
Folder Lock
Folder Lock can Lock and Hide files and folders within seconds. It enables you to Password Protect and restricts the unwanted eyes from viewing files, folders and drives. Once you've locked a folder, it will be hidden from its previous location and can only be accessed through the software interface.
Encrypt your Files
Folder Lock creates Lockers. Just as you would put your money in a safe, would you like to keep your files in a digital 'Locker' that's safer than a bank's vault? You can create 'Locker(s)' which are protected by AES 256-bit encryption. You need not encrypt or decrypt files when accessing; simply copy them to Locker and voila! They are encrypted on-the-fly.
Secure Backup
Folder Lock offers a 2-way encryption and backup method, letting you back up your encrypted 'Lockers' online. This feature lets you create a password-protected backup of your Lockers so that the information is not only secured from prying eyes but is also protected from loss or damage. If your PC gets stolen or data gets deleted, simply recover your data from your online account.
Protect USB
You can also keep your Lockers in portable devices including USB and External drives. Folder Lock converts these Lockers into executable files so that you don't need to install Folder Lock every time you want to access your secured files. You can also burn them to CDs/DVDs and create password-protected zips for email attachments.
Password Wallets
Folder Lock lets you create digital Wallets to protect the confidential information you use on a regular basis: information such as banking details, credit cards, transactions, ATM PIN and much more. You can create as many cards as you want in these Wallets. They are encrypted when saved.
Shred Files
Simply deleting your files is no guarantee that your files cannot be recovered. Shredding your files deletes them permanently from your hard disk in such a way that even file recovery software cannot recover them again. Folder Lock not only helps you to Shred Files, it also lets you shred the empty drive space so that whatever files were deleted previously get shredded as well.
Conclusion
I've reported many things, including the definition of password cracking,
reasons for cracking and the techniques for protecting your data from
being hacked.
I used the Folder Lock tool, which is one method to safeguard your
information.
Reference
http://resources.infosecinstitute.com
Information Security Management Handbook, Fifth Edition
Hackers Beware Book
https://www.techworm.net
https://www2.cs.arizona.edu
http://www.newsoftwares.net