Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, but involves system administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.
Passwords to access computer systems are usually stored in a database so that the system can perform password verification when a user attempts to log in or access a restricted resource. To preserve confidentiality of system passwords, the password verification data is typically not stored in cleartext form, but instead a one-way function is applied to the password, possibly in combination with other data, and the resulting value is stored. When a user later attempts to authenticate by entering the password, the same function is applied to the entered value and the result is compared with the stored value. If they match, there is an extremely high probability that the entered password was correct. For simplicity in this discussion, we will refer to the one way function employed (which may be either an encryption function or cryptographic hash) as a hash and its output as a hashed password.
Even though functions that create hashed passwords may be cryptographically secure, possession of the hashed password provides a quick way to test guesses for the password by applying the one-way function to each guess, and comparing the result to the verification data. The most commonly used hash functions can be computed rapidly and the attacker can test guesses repeatedly with different guesses until one succeeds, meaning that the plaintext password has been recovered.
The term password cracking generally refers to recovery of one or more plaintext passwords from hashed passwords, but there are also many other ways of obtaining passwords illicitly. Without the hashed version of a password, the attacker can still attempt access to the computer system in question with guessed passwords. But well-designed systems limit the number of failed access attempts and can alert administrators to trace the source of the attack if that quota is exceeded. If he has the hashed password, the attacker can work undetected, and if the attacker has obtained several hashed passwords, the chance of cracking at least one is quite high.
Other ways to obtain passwords include social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security (see password for details). While those methods are not considered "password cracking" they are very popular among criminals (notably phishing) and remain very effective. They are often considered as the main vulnerability in password authentification systems.
Common methods for verifying users over a computer network often expose the hashed password. For example, use of a hash-based challenge-response authentication method for password verification may provide a hashed password to a network eavesdropper, who can then crack the password. A number of stronger cryptographic protocols exist that do not expose hashed passwords during verification over a network, either by protecting them in transmission using a high-grade key, or by using a zero-knowledge password proof.
Weak encryption
If a system uses a poorly designed password hashing scheme to protect stored passwords, an attacker can exploit any weaknesses to recover even 'well-chosen' passwords. One example is the LM hash that Microsoft Windows XP and previous versions use by default to store user passwords of less than 15 characters in length. LM hash converts the password into all uppercase letters then breaks the password into two 7-character fields which are hashed separately—which allows each half to be attacked individually.
Password encryption schemes that use stronger hash functions like MD5, SHA-512, SHA-1, and RIPEMD-160 can still be vulnerable to brute-force and precomputation attacks. Such attacks do not depend on reversing the hash function. Instead, they work by hashing a large number of words or random permutations and comparing the result of each guess to a user's stored password hash. Modern schemes such as MD5-crypt[1] and bcrypt use purposefully slow algorithms so that the number of guesses that an attacker can make in a given period of time is relatively low. Salting, described below, greatly increases the difficulty of such precomputation attacks, perhaps sufficiently to resist all attacks; every instance of its use must be evaluated independently, however.
Because progress in analyzing existing cryptographic hash algorithms is always possible, a hash which is effectively invulnerable today may become vulnerable tomorrow. Both MD5 and SHA-1, long thought secure, have been shown vulnerable to less than brute force efficiency attacks. For encryption algorithms (rather different than cryptographic hashes) the same has been true. DES has been broken (in the sense of more efficient than brute force attacks being discovered), and computers have become fast enough that its short key (56 bits) is clearly and publicly insecure against even brute force attacks. Passwords protected by these measures against attack will become vulnerable, and passwords still in use thereby exposed. Historical records are not always and forever irrelevant to today's security problems.
[edit] Guessing, dictionary and brute force attacks
The distinction between guessing, dictionary and brute force attacks is not strict. They are similar in that an attacker goes through a list of candidate passwords one by one; the list may be explicitly enumerated or implicitly defined, can incorporate knowledge about the victim, and can be linguistically derived. Each of the three approaches, particularly 'dictionary attack', is frequently used as an umbrella term to denote all the three attacks and the spectrum of attacks encompassed by them.
[edit] Guessing
Passwords can sometimes be guessed by humans with knowledge of the user's personal information. Examples of guessable passwords include:
* blank (none)
* the words "password", "passcode", "admin" and their derivatives
* a row of letters from the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* the user's name or login name
* the name of a significant other, a friend, relative or pet
* their birthplace or date of birth, or a friend's, or a relative's
* their automobile license plate number, or a friend's, or a relative's
* their office number, residence number or most commonly, their mobile number.
* a name of a celebrity they like
* a simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of the letters.
* a swear word
Personal data about individuals are now available from various sources, many on-line, and can often be obtained by someone using social engineering techniques, such as posing as an opinion surveyor or a security control checker. Attackers who know the user may have information as well. For example, if a user chooses the password "YaleLaw78" because he graduated from Yale Law School in 1978, a disgruntled business partner might be able to guess the password.
Guessing is particularly effective with systems that employ self-service password reset. For example, in September 2008, the Yahoo e-mail account of Governor of Alaska and Vice President of the United States nominee Sarah Palin was accessed without authorization by someone who was able to research answers to two of her security questions, her zip code and date of birth and was able to guess the third, where she met her husband.
