Sunday, 3 August 2014

Common Types Of Password Cracking And Their Countermeasures


By on 10:20

Social Engineering

Social engineering is when a hacker takes advantage of trusting human beings to get information from them. For example, if the hacker was trying to get the password for a co-worker's computer, he could call the co-worker pretending to be from the IT department. Social engineering is used for many different purposes.

Countermeasure:

If somebody tries to get login information or any other sensitive information from you, ask them some questions and try to verify whether the person asking for the info is legitimate or not.

Shoulder surfing

This method doesn't need any hacking knowledge. The hacker simply attempts to look over your shoulder as you type in your password.

Countermeasure:

Make sure nobody’s looking when you type your login info.

Dumpster Diving

Here the hacker simply tries to find any slips of paper on which you have written a password.

Countermeasure:

Do not write your passwords or login information anywhere. If you must write them down, keep them somewhere safe.

Guessing

If yours is a weak password, a hacker could simply guess it using the information he knows about you.

Guessable passwords:
1. Blank (none). (Most websites do not allow blank passwords.)
2. The words "password", "passcode", "admin" and their derivatives.
3. The username or login name.
4. The names of their loved ones.
5. Their birthplace or date of birth.
6. A dictionary word in any language.
7. Automobile license plate number.
8. A row of letters on a standard keyboard layout. Example: asdfghjkl or qwertyuiop, etc.

Countermeasure:

Use passwords that are not easily guessable and not found in any dictionary.

Dictionary Attacks

A dictionary attack is when a text file full of commonly used passwords, or a list of every word from the dictionary, is used against a password database. Strong passwords usually aren't vulnerable to this kind of attack.

Countermeasure:

Use passwords that are not found in a dictionary in any language.
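The two countermeasures above (Guessing and Dictionary Attacks) can be turned into a check a site runs when a user picks a password. This is an added example, not code from the original post; the word list, keyboard rows and leet mapping are constructed stand-ins, and the `username`, `loved_ones`, `birthplace`, `birthdate` and `plate` parameters are hypothetical inputs representing what an attacker might already know about the user.

```python
import re
from datetime import datetime

# Constructed sample data (not from the original page): a tiny word list
# standing in for a real multi-language dictionary, plus keyboard rows.
DICTIONARY = {"password", "passcode", "admin", "welcome", "dragon", "hello", "summer"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
LEET = str.maketrans("0134$@!", "oleasai")

def normalize(pw):
    """Strip trailing digits/symbols and undo simple leet substitutions so that
    'P@ssw0rd123' is recognised as a derivative of 'password'."""
    base = re.sub(r"[\d!@#$%^&*]+$", "", pw.lower())
    return base.translate(LEET)

def guessable_reasons(pw, username="", loved_ones=(), birthplace="",
                      birthdate="", plate=""):
    """Return which of the page's 'guessable password' rules pw breaks.
    birthdate is 'YYYY-MM-DD'; the other arguments are facts an attacker
    could learn about the user (all hypothetical inputs)."""
    reasons = []
    if pw == "":
        reasons.append("blank")
    core = normalize(pw)
    if core in {"password", "passcode", "admin"}:
        reasons.append("password/admin derivative")
    if core and core == username.lower():
        reasons.append("equals username")
    if core and core in {n.lower() for n in loved_ones}:
        reasons.append("name of a loved one")
    if core and core == birthplace.lower():
        reasons.append("birthplace")
    if birthdate:
        dob = datetime.strptime(birthdate, "%Y-%m-%d")
        digits = re.sub(r"\D", "", pw)
        if digits and digits in {dob.strftime(f) for f in
                                 ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y")}:
            reasons.append("date of birth")
    if core in DICTIONARY:
        reasons.append("dictionary word")
    squashed = re.sub(r"[\s-]", "", pw.lower())
    if plate and squashed == re.sub(r"[\s-]", "", plate.lower()):
        reasons.append("license plate")
    if len(pw) >= 4 and any(pw.lower() in row or pw.lower() in row[::-1]
                            for row in KEYBOARD_ROWS):
        reasons.append("keyboard row")
    return reasons

def is_guessable(pw, **known):
    """True if pw breaks at least one of the rules above."""
    return bool(guessable_reasons(pw, **known))
```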

Brute-force Attacks

Brute-force attacks can crack any password. Brute-force attacks try every possible combination of letters, numbers, and special characters until the right password is found. Brute-force attacks can take a long time. The speed is determined by the speed of the computer running the cracking program and the complexity of the password.

Countermeasure:

Use a password that is complex and long. A brute-force attack may take hundreds, even thousands of years to crack a complex and long password.

Rainbow Tables

A rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm (such as MD5) that transformed it into something which is not recognizable. A hash is one-way, so once a password is hashed there is no way to get the original string back from the hashed string. A very common hashing algorithm used to store passwords in website databases is MD5. A rainbow table attack is almost like a dictionary attack; the only difference is that in a rainbow table attack the pre-computed hashes are compared against the stored hash, whereas in a dictionary attack the plain-text words themselves are tried as passwords. For example, 'hello' in MD5 is 5d41402abc4b2a76b9719d911017c592.

Countermeasure:

Choose a password that is long and complex. Creating tables for long passwords takes a very long time and a lot of resources.
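The following added example (not code from the original post) shows why an unsalted MD5 hash such as the page's 'hello' example falls to a pre-computed table, and goes one step beyond the page's countermeasure by showing the server-side fix: a random per-user salt plus a slow key derivation function, so no table built in advance can match the stored value. The candidate word list is constructed.

```python
import hashlib
import hmac
import os

# Constructed candidate list (not from the original page) standing in for the
# word list a pre-computed table would be built from.
CANDIDATES = ["hello", "password", "letmein", "qwerty", "123456", "dragon"]

def build_md5_table(words):
    """Pre-compute md5(word) -> word once. Looking up a stored unsalted MD5
    hash is then a single dictionary access."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}

def lookup(table, stored_hash):
    """Return the password behind an unsalted MD5 hash, or None if it is
    not in the table (the password was not in the candidate list)."""
    return table.get(stored_hash.lower())

def store_salted(password, salt_hex=None, iterations=100_000):
    """Server-side countermeasure (beyond the page): a random per-user salt
    plus a slow KDF (PBKDF2-HMAC-SHA256). The stored value no longer depends
    only on the password, so a table built in advance cannot contain it."""
    salt_hex = salt_hex or os.urandom(16).hex()
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), iterations)
    return f"pbkdf2${iterations}${salt_hex}${dk.hex()}"

def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count; compare in
    constant time so the check itself leaks nothing."""
    _, iters, salt_hex, _ = stored.split("$")
    return hmac.compare_digest(store_salted(password, salt_hex, int(iters)), stored)

def demo():
    """Same password under both storage schemes: the table recovers the
    unsalted one instantly and cannot see the salted one at all."""
    table = build_md5_table(CANDIDATES)
    unsalted = hashlib.md5(b"hello").hexdigest()   # the page's example hash
    recovered = lookup(table, unsalted)            # -> "hello"
    salted = store_salted("hello")
    hidden = lookup(table, salted.split("$")[-1]) is None
    return recovered, hidden
```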

Phishing

Many hackers and internet security experts say that phishing is the easiest and most popular way to get account details. In a phishing attack the hacker sends the victim a link to a fake Facebook (or any other) login page which the hacker has created, or downloaded, and uploaded to a free hosting site like http://www.100mb.com or any other free web host. The hacker sends the fake login page link through e-mail, while chatting, etc. When the victim enters the login details, the victim is redirected to the original login page and the hacker gets the victim's login details.

Countermeasure:

Phishing attacks are very easy to avoid. When you are asked to put your personal information into a website, look at the URL bar. If, for example, you are supposed to be on facebook.com and the URL bar says something like facebook.something.com, you should know it's fake.
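The URL-bar check above can be made precise: what matters is the host part of the URL, and whether it really ends in the trusted domain rather than merely containing the brand name. This is an added example, not code from the original post; the trusted-domain set is a constructed stand-in and `classify_login_url` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Constructed set of domains the user expects to log in to (not from the page).
TRUSTED_LOGIN_DOMAINS = {"facebook.com"}

def host_of(url):
    """Return the lower-cased host of the URL, ignoring any user@ prefix and
    port, so 'facebook.com@evil.net' is correctly seen as evil.net."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower().rstrip(".")

def is_genuine(host, trusted):
    """True for the trusted domain itself or a real subdomain of it
    ('www.facebook.com'); false for look-alikes such as
    'facebook.something.com' or 'facebook.com.evil.net'."""
    return host == trusted or host.endswith("." + trusted)

def classify_login_url(url):
    """'genuine' if the host really is a trusted domain, 'look-alike' if the
    brand name appears anywhere in the URL but the host is not trusted,
    'unknown' otherwise, 'no host' if the URL has no host at all."""
    host = host_of(url)
    if not host:
        return "no host"
    if any(is_genuine(host, t) for t in TRUSTED_LOGIN_DOMAINS):
        return "genuine"
    brands = {t.split(".")[0] for t in TRUSTED_LOGIN_DOMAINS}
    if any(b in url.lower() for b in brands):
        return "look-alike"
    return "unknown"
```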

RATing and Keylogging

In keylogging or RATing the hacker sends a keylogger server or RAT (remote access trojan) server to the victim. The keylogger records every keystroke of the victim. When the victim types the account details, the keylogger records them and sends them to the hacker.

Countermeasures:

It is better to use on-screen or virtual keyboards while typing login info or personal info. Install the latest anti-virus software and keep it updated.



Note: There are several other types of password cracking, but these are the most common types.

If you like this tutorial, a simple thanks wouldn't take more than 10 seconds.

Hope you liked the tut. :)

About Chirag Arya

Chirag is a young guy who is blessed with the art of blogging. He loves to blog day in and day out. He is a website designer, certified hacker and certified graphics designer.
