All your passwords are belong to us

--Originally published at Miss F.

Passwords: the things that keep our stuff safe. Or do they? In this blog post, I’ll discuss the best-known and most common methods for cracking passwords.


It’s not uncommon to hear someone complain that an account of theirs was “hacked”. What they usually mean is that someone gained access to their profile and changed things while they were there. In order to gain access to any system, you first need to crack the password. The following are 10 methods for obtaining someone’s password:

  • Brute-force
    • This is the most common method of them all. It consists of trying several alpha-numeric combinations until you get the right one.
    • It’s simple to program, but it can be very slow if your GPU isn’t your ally.
    • Examples of programs that use this methodology are:
      • Wfuzz
      • Medusa
      • Rarcrack


  • Dictionary
    • As its name suggests, this method uses a file containing words typically found in a dictionary (plus others, such as the most commonly used passwords) to search for the real password you’re trying to crack.
    • While it’s faster than the brute-force method, its computation time may vary from immediate to billions of years, depending on the password’s length, combination and character usage.
    • Examples of programs that use it are:
      • Cain and Abel
      • John the Ripper
      • L0phtCrack
  • Rainbow Tables
    • Rainbow tables are a very elegant way of cracking a password. They consist of a series of lists of pre-compiled hashes (click the link to read more about hashing). These lists are the hashes of all possible password combinations for any hashing algorithm.
    • It takes way less time than the two previous methods; however, it requires a LOT of GPU power. If a password is salted (with random extra characters), it may be impossible for a Rainbow Table to crack it.
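The point about salting, seen from the side of whoever stores the passwords, as an added example that is not part of the original post. A plain precomputed lookup table stands in for a real rainbow table here, and the wordlist, function names and work factor are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a list of common passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
ITERATIONS = 200_000  # illustrative work factor (assumption); tune per hardware


def unsalted_hash(password):
    """Fast, unsalted digest: the storage scheme precomputed tables target."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once; reusable against any unsalted dump."""
    return {unsalted_hash(w): w for w in words}


def salted_hash(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    # Two users pick the same weak password.
    plain = [unsalted_hash("letmein"), unsalted_hash("letmein")]
    salted = [salted_hash("letmein"), salted_hash("letmein")]
    return {
        "unsalted_identical": plain[0] == plain[1],
        "unsalted_in_table": table.get(plain[0]),
        "salted_identical": salted[0][1] == salted[1][1],
        "salted_in_table": table.get(salted[0][1].hex()),
        "salted_verifies": verify("letmein", *salted[0]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt does not make a weak password strong: it only forces the precomputation to be redone for each user, which is why it is paired with a slow key-derivation function.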