Password Cracking

 Password Cracking

 Password is like a key to get an entry into computerized systems like a lock.

 Password cracking is a process of recovering passwords from data that have been stored

in or transmitted by a computer system.

 Usually, an attacker follows a common approach – repeatedly making guesses for 

the password.

The purpose of password cracking is as follows:

1. To recover a forgotten password.

2. As a preventive measure by system administrators to check for easily crackable 

passwords.

3. To gain unauthorized access to a system.

Manual password cracking is to attempt to logon with different passwords. The attacker 

follows the following steps:

Find a valid user account such as an Administrator or Guest;

2. create a list of possible passwords;

3. rank the passwords from high to low probability;

4. key-in each password;

5. try again until a successful password is found.

Passwords can be guessed sometimes with knowledge of the user’s personal 

information. Examples of guessable passwords include:

1. Blank (none);

2. the words like “password,” “passcode” and “admin”;

3. series of letters from the “QWERTY” keyboard, for example, qwerty, asdf or 

qwertyuiop;

user’s name or login name;

5. name of user’s friend/relative/pet;

6. user’s birthplace or date of birth, or a relative’s or a friend’s;

7. user’s vehicle number, office number, residence number or mobile number;

8. name of a celebrity who is considered to be an idol (e.g., actors, actress, spiritual gurus) 

by the user;

An attacker can also create a script file (i.e., automated program) which will be executed 

to try each password in a list.

 This is still considered manual cracking, is time-consuming and not usually effective.

 Passwords are stored in a database and password verification process is established into

the system when a user attempts to login or access a restricted resource.

 To ensure confidentiality of passwords, the password verification data is usually 

not stored in a clear text format.

 For example, one-way function (which may be either an encryption function 

or a cryptographic hash) is applied to the password, possibly in combination with other 

data, and the resulting value is stored.

 When a user attempts to login to the system by entering the password, the same function 

is applied to the entered value and the result is compared with the stored value. If they 

match, user gains the access; this process is called authentication.


Comments

Post a Comment

Popular posts from this blog

Early Disease Detection with Machine Learning and Deep Learning

 In today’s healthcare landscape, early detection of diseases is a game-changer. Identifying health conditions early not only improves patient outcomes but also reduces treatment costs. Machine learning (ML) and deep learning (DL) are revolutionizing this process, enabling healthcare systems to detect diseases with unprecedented accuracy and speed. Early detection of diseases like cancer, diabetes, and cardiovascular conditions can significantly improve survival rates. However, traditional diagnostic methods often rely on time-consuming tests and subjective interpretation, leading to delays or errors. Enter machine learning and deep learning: technologies that learn from vast datasets to identify patterns invisible to the human eye. Cancer Detection: DL algorithms have achieved radiologist-level accuracy in detecting breast cancer from mammograms. COVID-19 Diagnosis: AI models analyze chest CT scans to identify COVID-19 with high precision. Alzheimer’s Detection: ML models analy...
Read more

Transaction Processing Concept

 Transaction o The transaction is a set of logically related operation. It  contains a group of tasks. o A transaction is an action or series of actions. It is  performed by a single user to perform operations for  accessing the contents of the database. Example: Suppose an employee of bank transfers Rs 800 from  X's account to Y's account. This small transaction contains several  low-level tasks: X's Account 1. Open_Account(X)  2. Old_Balance = X.balance  3. New_Balance == Old_Balance - 800  4. X.balance = New_Balance  5. Close_Account(X)  Y's Account 1. Open_Account(Y)  2. Old_Balance = Y.balance  3. New_Balance = Old_Balance + 800  4. Y.balance = New_Balance  5. Close_Account(Y)  Operations of Transaction: Following are the main operations of transaction: Read(X): Read operation is used to read the value of X from the  database and stores it in a buffer in main memory. Write(X): Write operation is us...
Read more

Computer Forensics: An Overview

  Key Aspects of Computer Forensics 1. Phases of Computer Forensic Investigation A typical forensic investigation follows a structured process: a) Identification Detect and recognize potential digital evidence sources (e.g., computers, mobile devices, cloud storage). Identify key stakeholders, such as law enforcement agencies or corporate security teams. b) Preservation Secure digital evidence without tampering. Use write-blocking tools to prevent data alteration. Create forensic copies (bit-by-bit images) of storage devices. c) Analysis Examine data for traces of malicious activity, deleted files, hidden data, or encrypted content. Use forensic tools like EnCase, FTK, Autopsy, X-Ways Forensics to extract evidence. Reconstruct events using system logs, timestamps, and metadata. d) Documentation Record all findings systematically. Maintain chain-of-custody records to ensure admissibility in court. Generate forensic reports detailing the investigation process and conclusions. e) Pre...
Read more