2. An Overview on Password Cracking
Password cracking is a term used to describe the
penetration of a network, system, or resource
with or without the use of tools to unlock a
resource that has been secured with a password
3. What is Password
• String of characters for authentication and log
on computer, web application , software, Files ,
network , Mobile phones, and your life
• Comprises:
[a-zA-z, 0-9, symbols , space]
4. Password Characteristics
• No short length
• No birthday or phone number, real name ,
company name
• Don’t use complete words or quotes
▫ Example:
▫ Hello123: Weak
▫ @(H311l0)@: Strong
▫ Easy to remember, hard to guess
5. • 1. What is Security?
▫ Protect your private data stored in the disk or transfer
between any computer or any networking device.
• 2. Why it is so important?
▫ In the information age, we will be going online more
and provide more personal information (email,
electronic transfer), and business transaction (e-
commerce).
6. Computer Hacker is a typically knowledgeable
person. He/she knows several different languages,
Networking protocols.
A hacker will look for internal and external
system holes or bugs to break into the system, fun
and challenging.
7. Attempt to break into the system by guessing or
cracking user’s passwords.
Cracker and Hacker are two different terms.
Hacker has generally higher level of education and
intelligence than cracker.
Hackers do not like crackers.
8. Password Security
• Don’t use your old passwords
• Don’t use working or private email for every
website registration such as games, news,….etc.
9. Password Cracking Concept
• guessing or recovering a password
• unauthorized access
• To recover a forgotten password
• A Penetration testing step ( e.g. Network and
Applications)
10. Password Cracking Concept
• Password Cracking is illegal purpose to gain
unauthorized access
• To retrieve password for
authorize access purpose
( misplacing, missing) due to
various reason.
( e.g. what was my password??)
11. Password Cracking Depends on
• Attacker's strengths
• Attacker's computing resources
• Attacker's knowledge
• Attacker's mode of access [physical or
online]
• Strength of the passwords
• How often you change your passwords?
• How close are the old and new
passwords?
• How long is your password?
12.
13. Brute force
▫ Brute force means trying every possible
combination (e.g., a, aa, aaa to zzzzzzzzzzzzzz,
azbycx, etc.).
▫ Hybrid methods use a dictionary, but insert
special characters (e.g., %, $ # or r0ya1- Zero for o
and one for l) and/or permute words.
14. Password Cracking – Off Line
• Attacks:
▫ Dictionary attacks (build a dictionary of
passwords).
▫ Brute force (try all possible passwords).
• This really is still guessing – these systems
don’t break encryption!
15. The characteristics :-
- Need very high processing speed
- Produces many number of passwords for a
particular user using permutations and
combinations May take months years to
crack the password
16. Windows NT Passwords
• Length
▫ Anywhere from 0 to 14 characters
• Characters
▫ All letters (upper and lowercase), numbers, and
symbols are acceptable
• Stored in SAM database
17. Windows NT Security
• Local Security Authority (LSA)
▫ Determines whether a logon attempt is valid
• Security Accounts Manager (SAM)
▫ Receives user logon information and checks it
with its database to verify a correct
username/password
18. LM Passwords VS. NT Passwords
• An 8 character LM password is 890 times easier
to crack than an 8 character NT password
• A 14 character LM password is 450 trillion times
easier to crack than a 14 character NT Password
▫ 450 trillion = 450,000,000,000,000
19. NT Passwords – Not So Easy Cracking
• Character Set = Upper & lower case alpha, numeric,
specials – about 106 characters
▫ N = 807 ~ 2.26 x 1028
▫ Time = (2.26 x 1028)/(108 sec)(1/60x60x24) ~ 2.62 x 1015
days (harder)
Hinweis der Redaktion
from stored locations or from data transmission system.