CISSP Fix

Password cracking is the procedure of finding passwords from the data, which has been stored in or transferred by a system. Most common method of password cracking is to guess the password repeatedly until the correct password is not found. The ethical objective of password cracking is to help a user to recover a forgotten password. Password cracking is mainly employed to gain unauthorized access to a system, or used as a protective measure by system administrators to check whether the password is easily crackable or not. On the basis of file, password cracking is used to gain full access to the digital evidence for which a judiciary allowed access but the access to particular file is restricted. There are numerous ways for password cracking. Some of the methods are as follows:

1. Guessing: Passwords can be guessed by human beings with the knowledge of the personal information of the user. These information may be name of their loved ones such as friend, relative or pet, their birthplace or date of birth of a friend’s, or a relative’s, their contact number, residence number or usually their mobile number, name of a famous celebrity they like etc.
2. Brute Force attack: Brute force attack is the process of trying every possible password. Brute force attack will always be successful method of password cracking as the rules for accepting passwords is publicly known to everyone, but as the password length increases, thus increasing the number of possible passwords. This method is not likely to be practical except the password is relatively small; however, system using parallel and fast processing can reduce the time and labor to crack the password.
3. Dictionary Attack: Dictionary attack is a method of cracking passwords by trying to find out its decryption key or passphrase by searching the expected possibilities. A dictionary attack utilizes the brute-force attack technique of consecutively trying all the words in a list or a dictionary. On comparing with brute force attack, where a large section of key is searched methodically, a dictionary attack tries only those possibilities which are likely to be successful by typically from a listing of words in a dictionary. Normally, dictionary attack is successful because there is a trend in people of choosing passwords, which are short, and of single word and can found in dictionaries, easily-predicted variations on words, such as elaborating a digit.