Home arrow Security arrow Page 3 - What’s behind the curtain? Part II

Password cracking attack - Security

In this second of a three-part series covering threats to computer security, we focus on attacks that are more specifically directed against a particular person or company.

TABLE OF CONTENTS:
  1. What’s behind the curtain? Part II
  2. Denial of service (DoS) attack
  3. Password cracking attack
  4. Social engineering attack
  5. Conclusion
By: Eliana Stavrou
Poor Best
Rating: starstarstarstarstar / 8
February 28, 2005

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Another well known threat is the password cracking attack. As we all know, passwords ensure that only authorized users are able to gain access to a system. That’s why a strong password is the cornerstone of an effective security strategy. However, most of the time people place convenience ahead of security, creating passwords that they can easily remember. Usually people use words, symbols or dates that have some personal meaning to them to make up their password. As a result, these passwords are simple and can easily be guessed if you know some information about the owner of the password.

Remember that passwords are not stored on the machines in clear text; a special algorithm is used on the passwords to generate a one-way hash value which is stored in the place of the password. The one-way hash is a string of characters that cannot be reversed into the corresponding original password. When you provide your password to log into your system, the one-way hash value is generated and compared to the hash stored on the system. If they are the same, it is assumed that the password provided is the one expected.

Crackers use tools called password crackers to find out your passwords (actually their hash values). These tools work around several techniques; two of the most well known are the following:

  • Brute force attack. A brute force cracker tool simply tries all possible combinations of passwords until it finds the right one; it generates character sequences working through all possible one character passwords, then two characters, and so forth. The process of finding the right password using a brute force attack is time consuming; however, given enough time and CPU power, the password eventually gets cracked.
  • Dictionary attack. A dictionary password cracker tool simply tests a list of dictionary words; it takes every word and encrypts it, comparing the produced hash value with the one stored on the system. If the hashes are equal, the password is considered cracked.

Whatever we say, the easiest way to compromise a system is through a weak password. So it is important to try to enhance your first line of security defense, which is the passwords you choose.



 
 
>>> More Security Articles          >>> More By Eliana Stavrou
 

blog comments powered by Disqus
   

SECURITY ARTICLES

- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II
Find More Security Articles

Developer Shed Affiliates

 

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap

Dev Shed Tutorial Topics: