{"id":2518,"date":"2017-06-03T14:26:12","date_gmt":"2017-06-03T14:26:12","guid":{"rendered":"https:\/\/www.hackmethod.com\/?p=2518"},"modified":"2018-12-12T20:56:54","modified_gmt":"2018-12-12T20:56:54","slug":"passwords-cracking-hashes","status":"publish","type":"post","link":"https:\/\/hackmethod.com\/passwords-cracking-hashes\/","title":{"rendered":"Passwords &#8211; Cracking Hashes"},"content":{"rendered":"<h1>Password Safeguards<\/h1>\n<h2>Password Strength<\/h2>\n<p>Password strength, or complexity, is what makes a good password resistant to brute-force attacks. The number of possible passwords is <em>a<sup>b<\/sup><\/em>, where <em>a<\/em> is the number of possible symbols and <em>b<\/em> is the length. If you have a 4-character password containing only [0-9], then it might take 10<sup>4<\/sup> = 10,000 attempts, and a computer with a decent graphics card can calculate billions of guesses per second.<\/p>\n<h2>Key Stretching<\/h2>\n<p>Key stretching, also known as key strengthening, is the act of increasing the complexity enough that cracking the password wouldn\u2019t be worth the hacker\u2019s time. This is done by taking a password (its salted version), hashing it, then hashing the output again x times, with each iteration hashing the previous iteration\u2019s output, which increases the time it takes to crack the original password exponentially.<\/p>\n<h2>Salting<\/h2>\n<p>Salting is the process of adding random data (a salt) at the end of a password before hashing it. It is a method commonly used to defend against dictionary and rainbow table attacks. 
See Fig 1.<\/p>\n<div id=\"attachment_2524\" style=\"width: 501px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2017\/05\/Salting.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-2524\" data-attachment-id=\"2524\" data-permalink=\"https:\/\/hackmethod.com\/passwords-cracking-hashes\/salting\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Salting.png?fit=491%2C344&amp;ssl=1\" data-orig-size=\"491,344\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Salting\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;How to salt a password&lt;\/p&gt;\n\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Salting.png?fit=300%2C210&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Salting.png?fit=491%2C344&amp;ssl=1\" class=\"size-full wp-image-2524\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2017\/05\/Salting.png?resize=491%2C344&#038;ssl=1\" alt=\"Salting a password\" scale=\"0\" width=\"491\" height=\"344\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Salting.png?w=491&amp;ssl=1 491w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Salting.png?resize=300%2C210&amp;ssl=1 300w\" sizes=\"(max-width: 491px) 100vw, 491px\" \/><\/a><p id=\"caption-attachment-2524\" class=\"wp-caption-text\">Fig 1. 
Process of salting &#8216;hello&#8217;<\/p><\/div>\n<h1>Cracking Methods<\/h1>\n<h2>Brute-force Attack<\/h2>\n<p>A brute-force attack involves trying every possible combination, hashing each one, until the result matches the password\u2019s hash. This is a very inefficient way of cracking passwords, because if a password is complex enough, it may take an absurdly large amount of time or computing power before it can be cracked. See Fig 2.<\/p>\n<div id=\"attachment_2522\" style=\"width: 941px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2017\/05\/Brute-force.jpg?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-2522\" data-attachment-id=\"2522\" data-permalink=\"https:\/\/hackmethod.com\/passwords-cracking-hashes\/brute-force\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Brute-force.jpg?fit=931%2C185&amp;ssl=1\" data-orig-size=\"931,185\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Brute-force\" data-image-description=\"&lt;p&gt;Fig 2. Brute-force process 0000 &amp;#8211; 1111&lt;\/p&gt;\n\" data-image-caption=\"&lt;p&gt;Fig 2. 
Brute-force process 0000 &amp;#8211; 1111&lt;\/p&gt;\n\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Brute-force.jpg?fit=300%2C60&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Brute-force.jpg?fit=931%2C185&amp;ssl=1\" class=\"size-full wp-image-2522\" title=\"\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2017\/05\/Brute-force.jpg?resize=931%2C185&#038;ssl=1\" alt=\"\" scale=\"0\" width=\"931\" height=\"185\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Brute-force.jpg?w=931&amp;ssl=1 931w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Brute-force.jpg?resize=600%2C119&amp;ssl=1 600w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Brute-force.jpg?resize=300%2C60&amp;ssl=1 300w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2017\/05\/Brute-force.jpg?resize=768%2C153&amp;ssl=1 768w\" sizes=\"(max-width: 931px) 100vw, 931px\" \/><\/a><p id=\"caption-attachment-2522\" class=\"wp-caption-text\">Fig 2. Brute-force process 0000 &#8211; 1111<\/p><\/div>\n<h2>Dictionary Attack<\/h2>\n<p>A dictionary attack is a common first resort against a password hash. People are predictable and choose very commonly used passwords. Using a wordlist, a pre-compiled text file listing the most common passwords, the password cracker goes through each password on the list and checks whether its hash matches the original password\u2019s hash.<\/p>\n<h2>Rainbow Table Attack<\/h2>\n<p>A rainbow table attack is similar to a dictionary attack, except that instead of a wordlist containing just plaintext passwords, a rainbow table contains plaintext passwords and their corresponding hashes. 
This saves the hacker plenty of time at the cost of storage space, as these files can be very large.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Password Safeguards Password Strength Password strength or complexity is the goal of having a good password and making it strong against brute-force attacks.\u00a0a^b where a is the possible symbols and b is the length. If you have a 4 letter password containing only [0-9] then it might take 10^4 = 10,000 attempts, a computer with [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[52,86],"tags":[87],"class_list":["post-2518","post","type-post","status-publish","format-standard","hentry","category-hacking","category-roadmap","tag-roadmap"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5zY4D-EC","_links":{"self":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/2518","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/comments?post=2518"}],"version-history":[{"count":7,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/2518\/revisions"}],"predecessor-version":[{"id":5240,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/2518\/revisions\/5240"}],"wp:attachment":[{"href
":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media?parent=2518"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/categories?post=2518"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/tags?post=2518"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}