INTRODUCTION TO PASSWORD CRACKING
The term password cracker refers to someone who breaks the codes of a system and gains access to it illegally. Breaking codes and cracking a system becomes easy when the passwords are weak and simple. Hence passwords should be a combination of letters, special characters and numbers.
We should also read and understand the techniques hackers use to crack passwords. Understanding these techniques helps in making passwords strong and unique.
PASSWORD CRACKING TECHNIQUES
Password cracking is the process of recovering passwords from the associated password hash, which is saved in the system.
There are three commonly used techniques for cracking passwords, and two further scenarios are covered below:
- Brute Force attack
- Dictionary attack
- Rainbow table attack
- Online password cracking (THC Hydra and Tamper Data)
- Cracking Wi-Fi passwords
Brute Force Attack
It is a type of cryptanalytic attack which can be used to attempt to decrypt any encrypted data. The attack depends entirely on the set of words, letters and characters from which the password was created, and on its length. With this technique a computer could attempt one million passwords per second when trying to brute force a password. The time needed to crack the password depends on the length of the password. Hence the longer the password, the harder it is to crack.
Dictionary Attack
Many passwords are English words, so a hacker tries to break into the system by trying every single word from the dictionary as a password. This is done by automated tools that try all the possible words in the dictionary.
It should also be taken into consideration that users are in the habit of using the same password on multiple sites. Knowing this, a hacker often tries to break into a site by guessing the most common passwords in use. Usually they try permutations that vary from case to case, and add numbers as suffixes to the word. We should not ignore that a hacker is always on the hunt and keeps trying to take over access to someone's system illegally, hence they have a large sample of the most common passwords in use.
It should also be remembered that lists of passwords come into the picture when databases of hashed passwords are leaked. Once the attacker is in possession of the password hashes, they can make out the encryption and algorithm used for the passwords and build a rainbow table.
Rainbow Table Attack
Rainbow tables are much bigger and use a different reduction function in each column. Colours are used to represent the reduction functions, and the coloured columns look like a rainbow, which is why it is termed a rainbow table attack.
The attack works as follows. A rainbow table is a precomputed dictionary table containing plaintext passwords along with the hash values produced when the password/data is stored. In this technique the hacker tries to crack the password by looking up the hashes from the database stored in the system in the rainbow table. The table is built with the hash functions used in cryptography for storing passwords: a password is hashed before it is stored, and the table holds the hash generated for each password. It performs the cryptanalysis very quickly and effectively; hence the password should be created in such a way that it is hard enough to crack.
To Crack Online Passwords
To crack online passwords, two tools are commonly used: THC Hydra and Tamper Data. Tamper Data makes it possible to capture and see HTTP and HTTPS GET and POST information. In essence, Tamper Data is a web proxy built right into the browser. It takes the information from the browser en route to the server and lets it be tampered with, hence the name Tamper Data.
THC Hydra, on the other hand, is known as one of the Kali tools. When we open THC Hydra, we are greeted with a screen that shows its syntax at the bottom. Its way of cracking passwords is simple and much the same as that of other password cracking tools. This tool makes it possible for hackers to show how easy it would be to gain illegal access to a system. Hydra is commonly known as the fastest network logon cracker. Unlike other hacker tools, THC Hydra supports a wide range of protocols for attacking accounts.
Hydra supports the following protocols:
- Firebird, CVS, FTP, CISCO AAA;
- HTTP-FORM-GET(/POST/HEAD), HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NCP, NNTP, Oracle, PCNFS, POP3, POSTGRES, RDP, REXEC, RLOGIN, RSH, SAP/R3, SIP, SMB, SMTP ENUM, FTPS and others
To Crack Wi-Fi Passwords
Before looking at how Wi-Fi passwords are cracked, one should know what types of Wi-Fi security there are.
The types of Wi-Fi security are:
- WEP Security
- WPA security or WPA2 Security
Below are the techniques for cracking Wi-Fi passwords, one by one:
- WEP Security: WEP stands for Wired Equivalent Security. This is the easiest type of security to crack. Its password can easily be cracked with the Aircrack software, which can crack the password within 7 to 9 hours.
- WPA Security or WPA2 Security: This security can be cracked by two methods: 1. Dictionary attack or word list attack 2. Fluxion attack.
- Dictionary/Word List Attack: This is nothing but another name for the brute force and dictionary attack. All the words of the dictionary are tried as the password until it is cracked.
- Fluxion Attack: In this technique the Wi-Fi connection is cut off and a new page is opened. It should be remembered that the Wi-Fi owner has to be nearby. When the new page opens for the Wi-Fi connection, the Wi-Fi owner is asked to enter the correct password; when the owner enters it, the attacker receives the password at the same time.
HOW TO PREVENT PASSWORD CRACKING
After reading and understanding the techniques for cracking passwords, it is clear that a password should be strong and should contain upper case and lower case letters, special characters and numbers, with a length of not less than 8 characters. There are three simple ways to prevent passwords from being cracked:
Default password should be changed: Most hardware and software comes with a default password for setting up the account. Hackers mostly take a password from the list of default passwords and try to break in with it. Hence it should be changed immediately. Similarly, if we forget the password we might receive a temporary password to unlock the account. That password should also be changed immediately.
Pick an uncommon password: Make a password that a brute force or dictionary attack cannot crack. Also, one should not use one's own name, birth date, birth place, ID card numbers or anything else connected directly to one's own life, as a hacker might be able to crack the password if he/she follows your social media page.
To safeguard your dedicated servers, such as a VPS or cloud server, against brute force attacks, one can install intrusion detection and prevention software such as LFD (Login Failure Daemon), Fail2Ban or other similar software, which stops unknown parties or strangers from gaining illegal access to accounts.
Use a different password for every account: One should not use the same password for all accounts. If a hacker gains access to that password, he/she can use it for all your accounts, it will be difficult to change the passwords of multiple accounts in a fraction of a second, and this may cause a huge loss. If one uses a different password for each account, the password for one account can be changed immediately when the hacking becomes known, and the other accounts stay safe.
Two Device Authentication: Secure your account by enabling two device authentication. Two device authentication requires you to verify your sign-in with a text message, email or phone call. This makes it very difficult for a hacker to gain illegal access to an account. One should enable it for every account that allows it, to make the account more secure. Make sure to secure social media accounts in the same way. Most of the time hackers start with a social media account to get more personal information to misuse.
Do not use the same password question for multiple accounts.
Do not store critical passwords on the cloud.
Clear the cache to remove stored passwords or information: The web browser might be storing passwords, and if someone gains access to the browser they can log in to the account by viewing the history. Hence one should regularly clear the cache on the smartphone and in the web browser as well.
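The login-failure banning that tools such as LFD or Fail2Ban perform, mentioned above, comes down to counting failed logins per source address inside a time window. The following is an added example, not code from either tool: the log lines are constructed and simplified, and the names find_offenders, max_retry and find_time are this example's own (loosely following Fail2Ban's maxretry and findtime settings).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (simplified sshd-style lines, documentation IP ranges).
SAMPLE_LOG = "\n".join(sorted(
    [f"2024-05-01T10:00:{s:02d} sshd[811]: Failed password for root "
     f"from 203.0.113.7 port 40112 ssh2" for s in range(0, 50, 10)]
    + [f"2024-05-01T10:{m:02d}:00 sshd[812]: Failed password for invalid user admin "
       f"from 192.0.2.44 port 51000 ssh2" for m in range(0, 60, 12)]
    + ["2024-05-01T10:05:00 sshd[813]: Failed password for alice "
       "from 198.51.100.20 port 51234 ssh2",
       "2024-05-01T10:05:09 sshd[813]: Accepted password for alice "
       "from 198.51.100.20 port 51234 ssh2"]))

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")


def find_offenders(log_text, max_retry=5, find_time=timedelta(minutes=10)):
    """Return {ip: timestamp of the failure that reached max_retry within find_time}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in offenders:
            continue              # already flagged
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            offenders[ip] = ts
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"would ban {ip}: threshold reached at {when.isoformat()}")
```

With the default ten-minute window, the address that fails once every twelve minutes is never flagged, which is why the window and threshold have to be chosen with slow guessing in mind.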
HOW A PASSWORD SHOULD BE MADE IN A UNIQUE FORMAT
To create a hard-to-crack password, one should remember to create it in such a way that it is easy to remember and unique.
To Make a Unique Password
One should remember that simple plain text can be hacked very easily. Therefore create the password in such a way that it tells a story, for example by adding the name of the website along with a smiley, or by using smile symbols and special characters. Make sure that the password is long. Once you have made a good password you might be tempted to keep the same one for all accounts, but remember that this leaves you more vulnerable if the password is cracked by a hacker.
Therefore, to put it simply, remember the points below every time you create a new password:
- The length of the password should be between eight and sixteen characters;
- It should contain symbols;
- It should contain numbers;
- It should contain lowercase characters;
- It should contain uppercase characters;
- Do not repeat the same characters.
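The checklist above can be enforced at account creation, and the "one million passwords per second" figure from the Brute Force Attack section gives a rough upper bound on exhaustive search time. This is an added example, not part of the original article: the function names, the small common-password set and the sample passwords are constructed, and "do not repeat" is read as "no character used more than once".

```python
import string

# Character classes the article's checklist asks for.
CLASSES = {
    "symbol": string.punctuation,
    "number": string.digits,
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
}
# Constructed stand-in for a real list of commonly used passwords.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome1"}
GUESSES_PER_SECOND = 1_000_000  # rate quoted in the Brute Force Attack section


def check_password(pw):
    """Return the checklist rules that pw breaks (empty list = passes)."""
    problems = []
    if not 8 <= len(pw) <= 16:
        problems.append("length is not 8 to 16 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"missing {name}")
    if len(set(pw)) != len(pw):   # assumption: "repeat" means any character used twice
        problems.append("repeats a character")
    if pw.lower() in COMMON:
        problems.append("is a commonly used password")
    return problems


def worst_case_seconds(pw):
    """Seconds to try every string of pw's length over the classes pw draws from."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in pw))
    return pool ** len(pw) / GUESSES_PER_SECOND


if __name__ == "__main__":
    for candidate in ("password", "abcdefgh", "Tr4il#Bkpg"):   # constructed samples
        days = worst_case_seconds(candidate) / 86400
        print(f"{candidate!r}: {check_password(candidate) or 'ok'}; "
              f"exhaustive search at most {days:,.1f} days")
```

The time estimate covers exhaustive search only; a dictionary word is found far sooner, which is what the common-password check is for.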
When creating a password, one can also create a passphrase instead: passphrases are more secure than passwords because they are very long, which makes them difficult to guess or brute force. Hence, if the account allows long passwords, prefer a passphrase.
Lastly, remember never to share a password. Never text or email anyone your password; it is really important to keep the password private.