Assignment/ID:26s1368
Done by : Hajer Mohammed said Alriyami
Submit to: Ms.Kalivani
Password cracking
Introduction
Passwords are a system
designed to provide
authentication. There are
many different ways to
authenticate users of a
system: a user can present a
physical object like a key
card, prove identity using a
personal characteristic like a
fingerprint, or use something
that only the user knows.
In contrast to the other approaches listed, a primary benefit of authenticating with a
password is that a compromised password can easily be changed. This report will discuss
what password cracking is, techniques for password cracking when an attacker is able to
attempt to log in to the system using a user name and password pair, techniques for when
an attacker has access to however passwords are stored on the system, attacks that
involve observing password entry in some way, and finally how graphical passwords and
graphical password cracks work.
Figure 1: The flow of password attacking possibilities.
Figure 1 shows some scenarios in which attempts at password cracking can occur. The
attacker can gain access to a machine through physical or remote access. The attacker
could try each possible password or each likely password (a form of dictionary attack).
If the attacker can gain access to hashes of the passwords, it is possible to use software
like OphCrack, which utilizes Rainbow Tables to crack passwords [1].
A spammer may use dictionary attacks to gain access to bank accounts or other web
services as well. Wireless protocols are vulnerable to some password cracking
techniques when packet sniffers are able to capture initialization packets.
A password is the secret word or phrase that is used for the authentication process in
various applications. It is used to gain access to accounts and resources. A password
protects our accounts or resources from unauthorized access.
In this report I'm going to discuss:
What is Password Cracking?
Password cracking is the process of guessing or recovering a password from stored
locations or from a data transmission system. It is used to get a password for
unauthorized access or to recover a forgotten password. In penetration testing, it is
used to check the security of an application.
In recent years, computer programmers have been trying to create algorithms for
password cracking in less time. Most of the password cracking tools try to log in with
every possible combination of words. If the login is successful, it means the password
was found. If the password is strong enough, with a combination of numbers,
characters and special characters, this cracking method may take hours to weeks or
months. A few password cracking tools use a dictionary that contains passwords.
These tools are totally dependent on the dictionary, so their success rate is lower.
In the past few years, programmers have developed many password cracking tools.
Every tool has its own advantages and disadvantages. In this report, I'm covering a
few of the most popular password cracking tools.
So, the question is:
How to create a password that is hard to crack
In this report, I have listed 10 password cracking tools. These tools try to crack
passwords with different password cracking algorithms. Most of the password
cracking tools are available for free. So, you should always try to have a strong
password that is hard to crack with these password cracking tools. Here are a few tips
you can try while creating a password.
The longer the password, the harder it is to crack:
Password length is the most important factor. If you select a short password,
password cracking tools can easily crack it by trying a few combinations. A
longer password will take longer to guess. Make your password at least 8
characters long.
Always use a combination of characters, numbers and special characters:
This is another thing which makes passwords hard to crack. Password cracking tools
try combinations one by one. Use a combination of lowercase letters, capital
letters, numbers and special characters. Suppose you have only numbers in your password:
password cracking tools then only need to guess digits from 0-9, and only length
matters. But a password that combines a-z, A-Z, 0-9 and other special
characters with a good length will be harder to crack. This kind of password
sometimes takes weeks to crack.
Variety in passwords:
One important thing you must always take care of: never use the same password
everywhere. Cyber criminals can steal passwords from one website and then try them on
other websites too.
In case you are not sure about the strength of your password, you can check it with a
variety of online tools available for free. Try this official Microsoft Tool for checking
the password strength.
What to avoid while selecting your password?
There are a few things which were very common a few years back and still exist.
Most of the password cracking tools start from there. Passwords that fall into this
category are the easiest to crack. These are a few password mistakes which you
should avoid:
• Never use a dictionary word.
• Avoid using your pet’s name, parent name, your phone number, driver’s
license number or anything which is easy to guess.
• Avoid using passwords with sequences or repeated characters, for example
1111111, 12345678 or qwerty, asdfgh.
• Avoid using passwords that fall in a worst password list. Every year, data
analysis companies publish the list of worst passwords of the year from
analyzing the leaked password data.
The top 11 worst passwords of 2012:
• password
• 123456
• 12345678
• abc123
• qwerty
• monkey
• letmein
• dragon
• 111111
• baseball
• iloveyou
The Art and Science of Password Cracking
The vast majority of systems today authenticate users with a static password. When a
user logs in, the password is transmitted to the system, which checks it to decide
whether to let the user log in. To make this decision, the system must have a
mechanism to compare the input with the actual password. Of course, the system could
just store all of the passwords locally and compare against this file. Such a file of
passwords, however, would provide a very juicy target for an attacker.
To make the target less useful for attackers, most modern operating systems use a
one-way hash or encryption mechanism to protect the stored passwords. When a user
types in a password, the system hashes the user's entry and compares it to the stored
hash. If the two hashes match, the password is correct and the user can log in.
Password cracking tools are used to attack this method of password protection. An
attacker will use some exploit (often a buffer overflow) to gather the encrypted or
hashed password file from a system (on a UNIX system without password
shadowing, any user can read the hashed password file). After downloading the
hashed password file, the attacker uses a password cracking tool to determine users'
passwords. The cracking tool operates using a loop: it guesses a password, hashes or
encrypts the password, and compares it to the hashed password from the stolen file. If
the hashes match, the attacker has the password. If the hashes do not match, the loop
begins again with another password guess. Password cracking tools base their
password guesses on a dictionary or a complete brute-force attack, attempting every
possible password.
What we need?
Password Cracking Defenses
The first defense against password cracking is to minimize the exposure of the
encrypted or hashed password file.
To ensure that passwords are secure and to identify weak passwords, security
practitioners should check system passwords on a periodic basis using password
cracking tools. When weak passwords are discovered, the security group should have
a defined procedure for interacting with users whose passwords can be guessed. Finally,
several software packages are available that prevent users from setting their
passwords to easily guessed values. When a user establishes a new password, these
filtering programs check the password to make sure that it is sufficiently complex and
is not just a variation of the user name or a dictionary word. With this kind of tool,
users are simply unable to create passwords that are easily guessed, eliminating a
significant security issue. For filtering software to be effective, it must be installed on
all servers where users establish passwords, including UNIX servers, Windows NT
Primary and Back-up Domain Controllers, and Novell
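A sketch of the kind of password filter described above, as an added example that is not code from the original report or from any named product. It applies the report's own rules (minimum length 8, mixed character classes, no sequences or repeats, the 2012 worst-password list, no variation of the user name or a dictionary word); the three-of-four class threshold, the tiny word list and the substitution table are assumptions made for the illustration.

```python
import re

MIN_LENGTH = 8   # minimum length recommended in this report
MIN_CLASSES = 3  # assumption: require 3 of the 4 character classes

# The "top 11 worst passwords of 2012" listed in this report.
WORST_PASSWORDS = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey",
    "letmein", "dragon", "111111", "baseball", "iloveyou",
}
# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY_WORDS = {"sunshine", "football", "welcome", "computer"}
# Keyboard rows and natural sequences used for the sequence check.
RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789",
        "abcdefghijklmnopqrstuvwxyz")
# Common character substitutions, undone before the list lookups.
LEET = str.maketrans("013457@$!", "oleastasi")


def _variants(candidate):
    """Lower-cased forms of the candidate with decorations removed."""
    lower = candidate.lower()
    # Drop leading/trailing digits and symbols: "p@ssw0rd1!" -> "p@ssw0rd".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lower)
    forms = (lower, core, lower.translate(LEET), core.translate(LEET))
    return {form for form in forms if form}


def _is_sequence_or_repeat(text):
    if len(text) < 4:
        return False
    if len(set(text)) == 1:  # e.g. "1111111"
        return True
    return any(text in run or text in run[::-1] for run in RUNS)


def _class_count(candidate):
    checks = (str.islower, str.isupper, str.isdigit,
              lambda ch: not ch.isalnum())
    return sum(any(check(ch) for ch in candidate) for check in checks)


def check_password(candidate, username):
    """Return the list of rule violations; an empty list means accepted."""
    reasons = []
    variants = _variants(candidate)
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if _class_count(candidate) < MIN_CLASSES:
        reasons.append("too_few_character_classes")
    if any(_is_sequence_or_repeat(v) for v in variants):
        reasons.append("sequence_or_repeat")
    if variants & WORST_PASSWORDS:
        reasons.append("common_password")
    if variants & DICTIONARY_WORDS:
        reasons.append("dictionary_word")
    name = username.lower()
    if len(name) >= 3 and any(name in v or name[::-1] in v for v in variants):
        reasons.append("contains_username")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs for a hypothetical user "alice".
    for sample in ("12345678", "P@ssw0rd1!", "Alice#2024x", "Tr7!kq-bv2Lm"):
        print(sample, check_password(sample, "alice") or "accepted")
```

A filter of this kind belongs on the server side of every password-change path, as the paragraph above says, because a check enforced on only some servers leaves weak passwords in place on the others.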
Programmers in the past few years have developed many password cracking tools.
Every tool has its own advantages and disadvantages. In this report, I provide you
with some of the most popular password cracking tools.
1. Brutus
2. Cain and Abel
3. RainbowCrack
4. John the Ripper
5. Wfuzz
6. AirCrack NG
7. THC Hydra
8. Medusa
9. L0phtCrack
10. OphCrack
Here we choose one tool for password cracking:
Folder Lock
What is it?
Folder Lock lets you password-protect files, folders and drives;
encrypt your important files on-the-fly; back them up in real-time;
protect portable drives; shred files & drives and clean history. It is
the most downloaded file-security application with more than 45
million users. It works on 32-bit and 64-bit Windows 10, 8, 7, Vista,
XP.
– Lock folders in seconds
– Encrypt files on-the-fly
– Sync & Backup Encrypted files
– Password-protect USB/External Drive
– Shred and permanently delete files
– Clean Windows History
– Stealth Mode
– Save Wallets / Cards / Passwords
Secure Backup!
Keep your encrypted lockers backed up and synced on
a dedicated secure cloud server.
• End to End Encrypted Backup
• On Demand Syncing & Restore
• Automatic Backup on modify
Folder Lock
Folder Lock can Lock and Hide files and folders
within seconds. It enables you to Password
Protect and restricts the unwanted eyes from
viewing files, folders and drives. Once you’ve
locked a folder, it will be hidden from its
previous location and can only be accessed
through the software interface.
Encrypt your Files
Folder Lock creates Lockers. Just as you would put
your money in a safe, would you like to keep your
files in a digital ‘Locker’ that’s safer than a bank’s
vault? You can create ‘Locker(s)’ which are
protected by AES 256-bit encryption. You need not
encrypt or decrypt files when accessing; simply
copy them to Locker and voila! They are encrypted
on-the-fly.
Secure Backup
Folder Lock offers a 2-way encryption and
backup method, letting you back up your
encrypted ‘Lockers’ online. This feature lets
you create a password-protected backup
of your Lockers so that the information is
not only secured from prying eyes but is
also protected from loss or damage. If your PC
gets stolen or data gets deleted, simply
recover your data from your online
account.
Protect USB
You can also keep your Lockers in portable devices including
USB and External drives. Folder Lock converts these Lockers into
executable files so that you don’t need to install Folder Lock
every time you want to access your secured files. You can also
burn them to CDs/DVDs and create password-protected zips
for email attachments.
Password Wallets
Folder Lock lets you create digital Wallets to protect
the confidential information you use on a regular basis
– information such as banking details, credit cards,
transactions, ATM PIN and much more. You can create
as many cards as you want in these Wallets. They are
encrypted when saved.
Shred Files
Simply deleting your files is no guarantee that your
files cannot be recovered. Shredding your files
deletes them permanently from your hard disk
in such a way that even file recovery software
cannot recover them again. Folder Lock not only
helps you to Shred Files, it also lets you shred the
empty drive space so that whatever files were
deleted previously get shredded as well.
Conclusion
I've reported many things, including the definition of password cracking,
reasons for cracking and the techniques for protecting your data from
being hacked.
I used the Folder Lock tool, which is one method to safeguard your
information.
Reference
http://resources.infosecinstitute.com
Information Security Management Handbook, Fifth Edition
Hackers Beware Book
https://www.techworm.net
https://www2.cs.arizona.edu
http://www.newsoftwares.net

Mais conteúdo relacionado

Mais procurados

Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorization
Alexandru Pasaila
 

Mais procurados (20)

Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
 
Cyber security
Cyber securityCyber security
Cyber security
 
Password management
Password managementPassword management
Password management
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptography
 
Cia security model
Cia security modelCia security model
Cia security model
 
Network security
Network securityNetwork security
Network security
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
 
SQL injection
SQL injectionSQL injection
SQL injection
 
ETHICAL HACKING PPT
ETHICAL HACKING PPTETHICAL HACKING PPT
ETHICAL HACKING PPT
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking Powerpoint
 
Phishing
PhishingPhishing
Phishing
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing
 
Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorization
 

Semelhante a Password Cracking

8 passwordsecurity
8 passwordsecurity8 passwordsecurity
8 passwordsecurity
richarddxd
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
STO STRATEGY
 
DIGITAL FORENSIC 25In this chapter, youll learn more about.docx
DIGITAL FORENSIC 25In this chapter, youll learn more about.docxDIGITAL FORENSIC 25In this chapter, youll learn more about.docx
DIGITAL FORENSIC 25In this chapter, youll learn more about.docx
lynettearnold46882
 
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Fego Ogwara
 
Security engineering 101 when good design & security work together
Security engineering 101  when good design & security work togetherSecurity engineering 101  when good design & security work together
Security engineering 101 when good design & security work together
Wendy Knox Everette
 
In responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docxIn responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docx
mecklenburgstrelitzh
 
CHAPTER 7 Authentication and Authorization On
CHAPTER  7 Authentication and Authorization OnCHAPTER  7 Authentication and Authorization On
CHAPTER 7 Authentication and Authorization On
MaximaSheffield592
 
Password hacking
Password hackingPassword hacking
Password hacking
Abhay pal
 

Semelhante a Password Cracking (20)

The strategies of password
The strategies of passwordThe strategies of password
The strategies of password
 
Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
 
8 passwordsecurity
8 passwordsecurity8 passwordsecurity
8 passwordsecurity
 
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based Security
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
Ethical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptxEthical hacking for Business or Management.pptx
Ethical hacking for Business or Management.pptx
 
Password cracking and brute force tools
Password cracking and brute force toolsPassword cracking and brute force tools
Password cracking and brute force tools
 
DIGITAL FORENSIC 25In this chapter, youll learn more about.docx
DIGITAL FORENSIC 25In this chapter, youll learn more about.docxDIGITAL FORENSIC 25In this chapter, youll learn more about.docx
DIGITAL FORENSIC 25In this chapter, youll learn more about.docx
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
PASSWORD BEST PRACTICES
PASSWORD BEST PRACTICESPASSWORD BEST PRACTICES
PASSWORD BEST PRACTICES
 
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...
 
Security engineering 101 when good design & security work together
Security engineering 101  when good design & security work togetherSecurity engineering 101  when good design & security work together
Security engineering 101 when good design & security work together
 
In responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docxIn responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docx
 
Password hacking
Password hackingPassword hacking
Password hacking
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key logger
 
W make107
W make107W make107
W make107
 
CHAPTER 7 Authentication and Authorization On
CHAPTER  7 Authentication and Authorization OnCHAPTER  7 Authentication and Authorization On
CHAPTER 7 Authentication and Authorization On
 
Password hacking
Password hackingPassword hacking
Password hacking
 
Ch18
Ch18Ch18
Ch18
 

Mais de Hajer alriyami (8)

Computer Security
Computer SecurityComputer Security
Computer Security
 
penetration test
penetration testpenetration test
penetration test
 
IDS
IDSIDS
IDS
 
Positive thinking
Positive thinkingPositive thinking
Positive thinking
 
Policy for PDO
Policy for PDOPolicy for PDO
Policy for PDO
 
“3rd Millennium’s Technological Impact to Medicine, Education, and Society”
“3rd Millennium’s Technological Impact to Medicine, Education, and Society”“3rd Millennium’s Technological Impact to Medicine, Education, and Society”
“3rd Millennium’s Technological Impact to Medicine, Education, and Society”
 
SSUCCESS
SSUCCESSSSUCCESS
SSUCCESS
 
Presentation1Shell
Presentation1ShellPresentation1Shell
Presentation1Shell
 

Último

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Último (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Password Cracking

  • 1. Assignment/ID:26s1368 1 Done by : Hajer Mohammed said Alriyami Submit to: Ms.Kalivani Password cracking
  • 2. Assignment/ID:26s1368 2 Introduction Passwords are a system designed to provide authentication. There are many different ways to authenticate users of a system: a user can present a physical object like a key card, prove identity using a personal characteristic like a fingerprint, or use something that only the user knows. In contrast to the other approaches listed, a primary benefit of using authentication through a password is that in the event that your password becomes compromised it can be easily changed. This report will discuss what password cracking is, techniques for password cracking when an attacker has the ability to attempt to log in to the system using a user name and password pair, techniques for when an attacker has access to however passwords are stored on the system, attacks involve observing password entry in some way and finally how graphical passwords and graphical password cracks work. Figure 1: The flow of password attacking possibilities. Figure 1 show some scenarios attempts at password cracking can occur. The attacker can gain access to a machine through physical or remote access. The user could attempt to try each possible password or likely password (a form of dictionary attack). If the attack can gain access to hashes of the passwords it is possible to use software like OphCrack which utilizes Rainbow Tables to crack passwords[1]. A spammer may use dictionary attacks to gain access to bank accounts or other 1 web services as well. Wireless protocols are vulnerable to some password cracking techniques when packet sniffers are able to gain initialization packets. A password is the secret word or phrase that is used for the authentication process in various applications. It is used to gain access to accounts and resources. A password protects our accounts or resources from unauthorized access.  In this report I'm going to discuss:
  • 3. Assignment/ID:26s1368 3 What is Password Cracking? Password cracking is the process of guessing or recovering a password from stored locations or from data transmission system. It is used to get a password for unauthorized access or to recover a forgotten password. In penetration testing, it is used to check the security of an application. In recent years, computer programmers have been trying to create algorithms for password cracking in less time. Most of the password cracking tools try to login with every possible combination of words. If login is successful, it means the password was found. If the password is strong enough with a combination of numbers, characters and special characters, this cracking method may take hours to weeks or months. A few password cracking tools use a dictionary that contains passwords. These tools are totally dependent on the dictionary, so success rate is lower. In the past few years, programmers have developed many password cracking tools. Every tool has its own advantages and disadvantages. In this report, I`m covering a few of the most popular password cracking tools.  So, the question is: How to create a password that is hard to crack In this report, I have listed 10 password cracking tools. These tools try to crack passwords with different password cracking algorithms. Most of the passwords cracking tools are available for free. So, you should always try to have a strong password that is hard to crack by these password cracking tools. These are few tips you can try while creating a password. The longer the password, the harder it is to crack: Password length is the most important factor. If you select a small password, password cracking tools can easily crack it by using few words combinations. A longer password will take a longer time in guessing. You’re your password at least 8 characters long. 
Always use a combination of characters, numbers and special characters: This is another thing which makes passwords hard to crack. Password cracking tools try the combination of one by one. Have a combination of small characters, capital letters, and special characters. Suppose if you have only numbers in your password. Password cracking tools only need to guess numbers from 0-9. Here only length matters. But having a password combination of a-z, A-Z, 0-9 and other special characters with a good length will make it harder to crack. This kind of password sometimes takes weeks to crack.
  • 4. Assignment/ID:26s1368 4 Variety in passwords: One important thing you must always take care. Never use same password everywhere. Cyber criminals can steal passwords from one website and then try it on other websites too. In case you are not sure about the strength of your password, you can check it from variety of online tools available for free. Try this official Microsoft Tool for checking the password strength.  What to avoid while selecting your password? There are a few things which were very common a few years back and still exist. Most of the password cracking tools starts from there. Passwords that fall into this category are most easy to crack. These are the few password mistakes which you should avoid:  Never use a dictionary word  Avoid using your pet’s name, parent name, your phone number, driver’s license number or anything which is easy to guess.  Avoid using passwords with sequence or repeated characters: For Ex: 1111111, 12345678 or qwerty, asdfgh.  Avoid using passwords that fall in worst password list. Every year, data analysis companies publish the list of worst passwords of the year from analyzing the leaked password data. The top 11 worst passwords of 2012:  password  123456  12345678  abc123  qwerty  monkey  letmein  dragon  111111  baseball  iloveyou The Art and Science of Password cracking is the vast majority of systems, today authenticate users with a static password. When user logs in, the password is transmitted which checks the password to make the decision whether to let the user log in. To make this decision, the system must have a mechanism to compare the input with the actual password. Of course, the system could just store all of the passwords locally and compare from this file. Such a file of passwords, however, would provide a very juicy target for an attacker. 
To make the target less useful for attackers, most modern operating systems use a one-way hash or encryption mechanism to protect the stored passwords. When a user types in a password, the system hashes the user's entry and compares it to the stored hash. If the two hashes match, the password is correct and the user can login.
  • 5. Password cracking tools are used to attack this method of password protection. An attacker will use some exploit (often a buffer overflow) to gather the encrypted or hashed password file from a system (on a UNIX system without password shadowing, any user can read the hashed password file). After downloading the hashed password file, the attacker uses a password cracking tool to determine users' passwords. The cracking tool operates using a loop: it guesses a password, hashes or encrypts the password, and compares it to the hashed password from the stolen file. If the hashes match, the attacker has the password. If the hashes do not match, the loop begins again with another password guess. Password cracking tools base their password guesses on a dictionary or a complete brute-force attack, attempting every possible password.

What we need? Password Cracking Defenses

The first defense against password cracking is to minimize the exposure of the encrypted or hashed password file. To ensure that passwords are secure and to identify weak passwords, security practitioners should check system passwords on a periodic basis using password cracking tools. When weak passwords are discovered, the security group should have a defined procedure for interacting with users whose passwords can be guessed.

Finally, several software packages are available that prevent users from setting their passwords to easily guessed values. When a user establishes a new password, these filtering programs check the password to make sure that it is sufficiently complex and is not just a variation of the user name or a dictionary word. With this kind of tool, users are simply unable to create passwords that are easily guessed, eliminating a significant security issue.
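A minimal password filter of the kind described above, as an added example that is not part of the original report or of any named product. It applies the report's own "what to avoid" rules; the minimum length, the small dictionary and all function names are assumptions.

```python
import re

MIN_LENGTH = 8  # assumed policy value, not from the report
# Worst-password list quoted in this report (2012).
WORST = {"password", "123456", "12345678", "abc123", "qwerty", "monkey",
         "letmein", "dragon", "111111", "baseball", "iloveyou"}
# Constructed stand-in for a real dictionary word list.
DICTIONARY = {"sunshine", "football", "welcome", "princess"}
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789",
        "abcdefghijklmnopqrstuvwxyz")
LEET = str.maketrans("@4310$5!7", "aaeiossit")  # common character substitutions


def normalize(text: str) -> str:
    """Lower-case, drop leading/trailing digits and symbols, undo substitutions."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", text.lower())
    return core.translate(LEET)


def has_run(password: str, run: int = 4) -> bool:
    """True if any `run` consecutive characters repeat or follow a keyboard row."""
    pw = password.lower()
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if len(set(chunk)) == 1:
            return True
        if any(chunk in row or chunk in row[::-1] for row in ROWS):
            return True
    return False


def check_password(username: str, password: str) -> list[str]:
    """Return the reasons a new password is rejected (empty list = accepted)."""
    reasons = []
    core, user = normalize(password), normalize(username)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if password.lower() in WORST or core in WORST | DICTIONARY:
        reasons.append("dictionary or worst-list word")
    if len(user) >= 3 and (user in core or user[::-1] in core):
        reasons.append("variation of the user name")
    if has_run(password):
        reasons.append("sequence or repeated characters")
    return reasons
```

Normalizing before the lookup is what catches variations such as `P@ssw0rd` or a user name with a year appended, which a plain list comparison would accept.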
For filtering software to be effective, it must be installed on all servers where users establish passwords, including UNIX servers, Windows NT Primary and Back-up Domain Controllers, and Novell.

Programmers have developed many password cracking tools in the past few years. Every tool has its own advantages and disadvantages. In this report, I list some of the most popular password cracking tools:

1. Brutus
2. Cain and Abel
3. RainbowCrack
4. John the Ripper
5. Wfuzz
6. AirCrack NG
  • 6.
7. THC Hydra
8. Medusa
9. L0phtCrack
10. OphCrack

Here we choose one tool for password cracking: Folder Lock

What is it?

Folder Lock lets you password-protect files, folders and drives; encrypt your important files on-the-fly; back them up in real time; protect portable drives; shred files and drives; and clean history. It is the most downloaded file-security application, with more than 45 million users. It works on 32-bit and 64-bit Windows 10, 8, 7, Vista, XP.

- Lock folders in seconds
- Encrypt files on-the-fly
- Sync & Backup Encrypted files
- Password-protect USB/External Drive
- Shred and permanently delete files
- Clean Windows History
- Stealth Mode
- Save Wallets / Cards / Passwords

Secure Backup! Keep your encrypted lockers backed up and synced on a dedicated secure cloud server.

- End to End Encrypted Backup
- On Demand Syncing & Restore
- Automatic Backup on modify
  • 7. Folder Lock

Folder Lock can lock and hide files and folders within seconds. It enables you to password-protect files, folders and drives and keeps unwanted eyes from viewing them. Once you've locked a folder, it will be hidden from its previous location and can only be accessed through the software interface.

Encrypt your Files

Folder Lock creates Lockers. Just as you would put your money in a safe, would you like to keep your files in a digital 'Locker' that's safer than a bank's vault? You can create 'Locker(s)' which are protected by AES 256-bit encryption. You need not encrypt or decrypt files when accessing them; simply copy them to a Locker and voila! They are encrypted on-the-fly.

Secure Backup

Folder Lock offers a 2-way encryption and backup method, letting you back up your encrypted 'Lockers' online. This feature lets you create a password-protected backup of your Lockers so that the information is not only secured from prying eyes but is also protected from loss or damage. If your PC gets stolen or data gets deleted, simply recover your data from your online account.
  • 8. Protect USB

You can also keep your Lockers on portable devices, including USB and external drives. Folder Lock converts these Lockers into executable files so that you don't need to install Folder Lock every time you want to access your secured files. You can also burn them to CDs/DVDs and create password-protected zips for email attachments.

Password Wallets

Folder Lock lets you create digital Wallets to protect the confidential information you use on a regular basis, such as banking details, credit cards, transactions, ATM PIN and much more. You can create as many cards as you want in these Wallets. They are encrypted when saved.

Shred Files

Simply deleting your files is no guarantee that your files cannot be recovered. Shredding your files deletes them permanently from your hard disk in such a way that even file recovery software cannot recover them again. Folder Lock not only helps you to shred files, it also lets you shred the empty drive space so that whatever files were deleted previously get shredded as well.
  • 9. Conclusion

I've reported many things, including the definition of password cracking, reasons for cracking and the techniques for protecting your data from being hacked. I used the Folder Lock tool, which is one method to safeguard your information.

Reference

- http://resources.infosecinstitute.com
- Information Security Management Handbook, Fifth Edition
- Hackers Beware Book
- https://www.techworm.net
- https://www2.cs.arizona.edu
- http://www.newsoftwares.net