Password Security

Alexander (2012) describes password cracking as the classic way in which unauthorised people gain access to a computer system: by illegally finding out the password and logging in. Password cracking has advanced considerably over the years, especially because of the vast growth of the Internet, which has created unlimited opportunities for intruders to abscond with credit card information, steal secrets, tinker with Web sites, or just generally make mischief illegally. There are a number of attack styles through which these intruders are able to crack the passwords that allow them into a system. These styles include the brute force attack, where a hacker uses a computer program or script to try to log in with possible password combinations, essentially starting with the easiest-to-guess passwords and moving to the hardest until one works, as shown in the diagram below (Yan, et al., 2010).


Another is the dictionary attack, in which the hacker uses a program or a script to attempt login by cycling through possible combinations of common words. Another is the key logger attack style, in which a hacker uses a program to record all of the user's keystrokes, keeping track of everything the user has typed, which he then uses to obtain their login IDs and passwords, as seen in the figure below:


Another major password attack style is the rainbow table (Gordon & Loeb, 2012). A rainbow table is a precomputed table that an attacker uses to reverse cryptographic hash functions, usually for cracking password hashes. Such tables are usually used to recover plain text passwords up to a certain desired length, drawn from a limited set of characters. Rainbow table cracking is a practical example of a space/time trade-off: it uses less computer processing time and more storage than attacks such as the brute-force attack, which calculates a hash on every attempt, but more processing time and less storage than a simple lookup table with one entry per hash (Hilton, 2013). Once the attacker gains access to the system's password database, the password cracker compares the rainbow table's pre-compiled list of potential hashes to the hashed passwords in the database. It associates the plaintext possibilities with each of those hashes, which the attacker can then exploit to access the network as an authenticated user, as is seen in the diagram below:


This password attack style makes password cracking much faster than earlier methods, such as brute-force cracking and dictionary attacks (Alexander, 2012). Depending on the particular software, rainbow tables can be used to crack up to 14-character alphanumeric passwords in approximately 160 seconds.
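The space/time trade-off described above, as an added example that is not part of the original text: a toy rainbow table over a constructed keyspace of 4-digit PINs that stores only chain start and end points and recomputes the interior at lookup time. The keyspace, chain length, SHA-256 as the hash, all function names and the salt string are assumptions chosen for illustration; the last line also shows that a table precomputed for unsalted hashes finds nothing for a salted one, a point the text above does not cover.

```python
import hashlib

KEYSPACE = 10 ** 4   # toy keyspace (assumption): 4-digit PINs
CHAIN_LEN = 50       # hash/reduce steps per chain (assumed parameter)

def h(plaintext: str) -> bytes:
    # Unsalted SHA-256 stands in for the password hash function.
    return hashlib.sha256(plaintext.encode()).digest()

def reduce_to_pin(digest: bytes, step: int) -> str:
    # Map a digest back into the keyspace. Mixing in the step index gives each
    # column its own reduction function, the defining feature of a rainbow table.
    return f"{(int.from_bytes(digest[:8], 'big') + step) % KEYSPACE:04d}"

def chain(start: str):
    # Yield the CHAIN_LEN plaintexts of a chain, then its endpoint.
    p = start
    for step in range(CHAIN_LEN):
        yield p
        p = reduce_to_pin(h(p), step)
    yield p

def build_table(starts):
    # Only endpoint -> start points is stored; the interior is recomputed on demand.
    table = {}
    for s in starts:
        *_, end = chain(s)
        table.setdefault(end, []).append(s)
    return table

def lookup(table, target: bytes):
    # Guess the column the target hash sits in, walk to the chain's endpoint,
    # and on a match replay the stored chain to find the plaintext.
    for pos in range(CHAIN_LEN - 1, -1, -1):
        p = reduce_to_pin(target, pos)
        for step in range(pos + 1, CHAIN_LEN):
            p = reduce_to_pin(h(p), step)
        for s in table.get(p, []):
            for cand in chain(s):
                if h(cand) == target:
                    return cand   # false alarms simply fall through
    return None

if __name__ == "__main__":
    starts = [f"{i:04d}" for i in range(0, KEYSPACE, 25)]   # 400 chains
    table = build_table(starts)
    pin = list(chain("0025"))[20]                            # a PIN known to be covered
    print("stored rows:", len(starts), "vs full lookup table:", KEYSPACE)
    print("unsalted hash ->", lookup(table, h(pin)))
    print("salted hash   ->", lookup(table, h("constructed-salt:" + pin)))
```

Coverage of the keyspace is probabilistic: a PIN that appears in no chain is not found, which is the price of storing 400 rows instead of 10,000.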

