Another well known threat is the password cracking attack. As we all know, passwords ensure that only authorized users are able to gain access to a system. Thatís why a strong password is the cornerstone of an effective security strategy. However, most of the time people place convenience ahead of security, creating passwords that they can easily remember. Usually people use words, symbols or dates that have some personal meaning to them to make up their password. As a result, these passwords are simple and can easily be guessed if you know some information about the owner of the password.
Remember that passwords are not stored on the machines in clear text; a special algorithm is used on the passwords to generate a one-way hash value which is stored in the place of the password. The one-way hash is a string of characters that cannot be reversed into the corresponding original password. When you provide your password to log into your system, the one-way hash value is generated and compared to the hash stored on the system. If they are the same, it is assumed that the password provided is the one expected.
Crackers use tools called password crackers to find out your passwords (actually their hash values). These tools work around several techniques; two of the most well known are the following:
Brute force attack. A brute force cracker tool simply tries all possible combinations of passwords until it finds the right one; it generates character sequences working through all possible one character passwords, then two characters, and so forth. The process of finding the right password using a brute force attack is time consuming; however, given enough time and CPU power, the password eventually gets cracked.
Dictionary attack. A dictionary password cracker tool simply tests a list of dictionary words; it takes every word and encrypts it, comparing the produced hash value with the one stored on the system. If the hashes are equal, the password is considered cracked.
Whatever we say, the easiest way to compromise a system is through a weak password. So it is important to try to enhance your first line of security defense, which is the passwords you choose.