Page 3 - What’s behind the curtain? Part II

Dev Shed Forums

Administration
Apache
BrainDump
DHTML
Flash
Java
JavaScript
Multimedia
MySQL
Oracle
Perl
PHP
Practices
Python
Reviews
Security
Style-Sheets
Web Services
XML
Zend
Zope

Forums Sitemap
IBM® developerWorks

Dedicated Servers
E-Commerce Hosting
Linux Web Hosting
Managed Hosting
Small Business Hosting
Download TestComplete
VPS Hosting

Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

SECURITY

RSS

What’s behind the curtain? Part II

By: Eliana Stavrou	Search For More Articles! Disclaimer Author Terms
Rating: / 7
2005-02-28

Table of Contents:

What’s behind the curtain? Part II

Denial of service (DoS) attack

Password cracking attack

Social engineering attack

Conclusion

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

ADVERTISEMENT

A high performance database engine using optimized data access for all development environments including Delphi, Visual Studio .NET, Visual Basic, Visual FoxPro. and more. Learn More

What’s behind the curtain? Part II - Password cracking attack
(Page 3 of 5 )

Another well known threat is the password cracking attack. As we all know, passwords ensure that only authorized users are able to gain access to a system. That’s why a strong password is the cornerstone of an effective security strategy. However, most of the time people place convenience ahead of security, creating passwords that they can easily remember. Usually people use words, symbols or dates that have some personal meaning to them to make up their password. As a result, these passwords are simple and can easily be guessed if you know some information about the owner of the password.

Remember that passwords are not stored on the machines in clear text; a special algorithm is used on the passwords to generate a one-way hash value which is stored in the place of the password. The one-way hash is a string of characters that cannot be reversed into the corresponding original password. When you provide your password to log into your system, the one-way hash value is generated and compared to the hash stored on the system. If they are the same, it is assumed that the password provided is the one expected.

Crackers use tools called password crackers to find out your passwords (actually their hash values). These tools work around several techniques; two of the most well known are the following:

Brute force attack. A brute force cracker tool simply tries all possible combinations of passwords until it finds the right one; it generates character sequences working through all possible one character passwords, then two characters, and so forth. The process of finding the right password using a brute force attack is time consuming; however, given enough time and CPU power, the password eventually gets cracked.
Dictionary attack. A dictionary password cracker tool simply tests a list of dictionary words; it takes every word and encrypts it, comparing the produced hash value with the one stored on the system. If the hashes are equal, the password is considered cracked.

Whatever we say, the easiest way to compromise a system is through a weak password. So it is important to try to enhance your first line of security defense, which is the passwords you choose.

Next: Social engineering attack >>

More Security Articles
More By Eliana Stavrou

Comments On: What’s behind the curtain? Part II

>>> Be the FIRST to comment on this article!

SECURITY ARTICLES

- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II
- What’s behind the curtain? Part I
- Vectors
- PKI: Looking at the Risks
- A Quick Look at Cross Site Scripting
- PKI Architectures: How to Choose One
- Trust, Access Control, and Rights for Web Se...
- Basic Concepts of Web Services Security
- Safeguarding the Identity and Integrity of X...
Find More Security Articles

Accelerating Trading Partner Performance

Competing on Analytics

Cost Effective Scaling with Virtualization and Coyote Point Systems

Five Checkpoints to Implementing IP Telephony

Hosted Email Security: Staying Ahead of New Threats