Good Essay On Operations Security, Access Control Systems Methodology
Passwords are used to authenticate the people using certain applications so as to prevent entry of unauthorized personnel or malicious people. A password is usually a secret phrase or word that enables a person to gain entry into a computer application (INFOSEC, 2015). Malicious people have come up with various methods of deciphering these passwords so as to gain unauthorized entry into applications. Such people use password cracking methods so as to identify the correct passwords. Password cracking is a process that involves recovering passwords or guessing passwords. Passwords can be recovered from storage locations or through data transmission systems (Lee, 2014). Password cracking is a method that can be used legitimately or illegitimately. Some people use password cracking so as to gain entry into unauthorized applications while other people use password cracking so as to recover passwords that have been forgotten. There are other times when password cracking is used to check whether an application is secure. Such kind of usage is known as penetration testing.
Computer programmers have developed algorithms to enable password cracking using a very small amount of time. The password cracking tools use various combinations of words until the successful login is achieved. Successful login means that the password has been identified. Strong passwords make it harder for the password cracking tools to identify the passwords, and it might take a longer time (INFOSEC, 2015). Strong passwords use a combination of letters, numbers and special characters. There are various password cracking tools that have been developed over the years. These password cracking tools have pros and cons. Some of these password cracking tools include Pwdump; Brutus; RainbowCrack; Cain and Abel; and Wfuzz.
Pwdump contains a collection of Windows programs that produce NTLM and LM password hashes of user accounts through the Security Account Manager (Openwall, 2009). Pwdump only works if it is able to access the administrator account running in a computer where the password hashes are dumped. Pwdump puts the security of the applications at risk because a malicious person can access the passwords of users, and use these passwords to access unauthorized information.
Brutus is a very popular password cracking tool that can be used remotely. It is considered as a very flexible and fast password cracking tool. Brutus is used on Windows systems, and is available free of charge (Lee, 2014). This password cracking tool can connect 60 targets simultaneously (INFOSEC, 2015). The load and resume options enables the user to pause and resume the attack process at any given time.
RainbowCrack has a large time-memory that functions through the use of hash algorithm (Lee, 2014). The tool computes hash pairs and plain text before storing them in a rainbow table. The process used by the RainbowCrack consumes a lot of time. The advantage of this process is that once all the data is stored in the rainbow table, the tool is able to crack passwords at a faster rate compared to Brutus (INFOSEC, 2015). The tool is available for free as well as the rainbow tables.
Wfuzz is a password cracking tool that uses brute forcing to crack passwords. The tool is also useful in finding sources that are hidden. Wfuzz enables its users to identify injections that are available in web applications. These injections include XSS Injection; SQL Injection; and LDAP Injection (INFOSEC, 2015).
Cain and Abel is a password cracking tool that handles a wide variety of tasks. These tasks include brute force attacks; decoding of scrambled passwords; exposing password boxes; recording conversations over VoIP; sniffing the network; cracking passwords that have been encrypted; analysis of routing protocols; revealing cached passwords; and performing cryptanalysis attacks (INFOSEC, 2015). Cain and Abel use the weaknesses of the system security to capture passwords.
References
INFOSEC, (2015). 10 Most Popular Password Cracking Tools. INFOSEC Institute. Retrieved from: http://resources.infosecinstitute.com/10-popular-password-cracking-tools/
Openwall, (2009, Mar 27). Password Recovery. Openwall. Retrieved from: http://www.openwall.com/passwords/microsoft-windows-nt-2000-xp-2003-vista-7#pwdump
Lee, S., (2014, Oct 15). Top 10 Password Cracking Tools. Wondershare. Retrieved from: http://www.wondershare.com/disk-utility/top-10-password-cracker-tools.html
- APA
- MLA
- Harvard
- Vancouver
- Chicago
- ASA
- IEEE
- AMA