Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking may be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, it involves system administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is used to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.
The time to crack a password is related to bit strength (see password strength), a function of the password's information entropy. Most methods of password cracking require the computer to produce many candidate passwords, each of which is checked. Brute-force cracking, in which a computer tries every possible key or password until it succeeds, is the lowest common denominator of password cracking. More established methods of password cracking, such as dictionary attacks, pattern checking, word list substitution, etc., attempt to reduce the number of trials required and are usually attempted before brute force.
The ability to crack passwords using computer programs is a function of the number of possible passwords per second that can be checked. If a hash of the target password is available to the attacker, that rate can be quite large. Otherwise, the rate depends on whether the authentication software limits how often a password can be tried, either by time delays, CAPTCHAs, or forced lockouts after some number of failed attempts.
Individual desktop computers can test anywhere from one million to fifteen million passwords per second against a password hash for weaker algorithms, for instance DES or LanManager. See: John the Ripper benchmarks. A user-selected eight-character password with numbers, mixed case, and symbols reaches around 30-bit strength, according to NIST. 2^30 is only one billion permutations and would typically take 16 minutes to crack. When ordinary desktop computers are combined in a cracking effort, as can be done with botnets, the capabilities of password cracking are considerably extended. In 2002, distributed.net successfully found a 64-bit RC5 key in four years, in an effort which included over 300,000 different computers at various times, and which generated an average of over 12 billion keys per second. Graphics processors can accelerate password cracking by a factor of 50 to 100 over general-purpose computers. As of 2011, commercial products are available that claim the ability to test up to 2,800,000,000 passwords a second on a standard desktop computer using a high-end graphics processor. Such a device can crack a 10-letter single-case password in a single day. Note that the work can be distributed over many computers for an additional speedup proportional to the number of available computers with comparable GPUs.
If a cryptographic salt is not used in the password system, the attacker can pre-compute hash values for common password variants as well as for all passwords shorter than a certain length, allowing very rapid recovery. Long lists of pre-computed password hashes can be efficiently stored using rainbow tables. Such tables can be found on the Internet for several common password authentication systems.
Another situation where quick guessing is possible is when the password is used to form a cryptographic key. In such cases, an attacker can quickly check whether a guessed password successfully decodes encrypted data. As an example, one commercial product claims to test 103,000 WPA PSK passwords per second.
Despite their capabilities, desktop CPUs are slower at cracking passwords than purpose-built password-breaking machines. In 1998, the Electronic Frontier Foundation (EFF) built a dedicated password cracker using FPGAs instead of general-purpose CPUs. Their machine, Deep Crack, broke a DES 56-bit key in 56 hours, testing over 90 billion keys per second. The Georgia Tech Research Institute developed a method of using GPGPU to crack passwords, coming up with a minimum secure password length of 12 characters.
Perhaps the fastest way to crack passwords is through the use of pre-computed rainbow tables. These encode the hashes of common passwords based on the most widely used hash functions and can crack passwords in a matter of seconds. However, they are only effective on systems that do not use a salt, such as Windows LAN Manager and some application programs...
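The two passages above on salts and pre-computed tables can be seen side by side in the following added example, which is not part of the original article. It uses a plain hash-to-password dictionary as a stand-in for a rainbow table (a real rainbow table compresses the same idea with hash chains); the user names, passwords, word list and PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list and three users,
# two of whom happen to share a password.
COMMON = ["123456", "password", "letmein", "qwerty"]
USERS = {"alice": "letmein", "bob": "letmein", "carol": "T7#vq!pL92xe"}
ITERATIONS = 100_000  # illustrative work factor, an assumption of this example

def unsalted(password: str) -> str:
    """Weak storage (the 'before' case): one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password: str, salt: bytes) -> bytes:
    """Hardened storage: per-user random salt fed into PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def build_lookup(words):
    """Pre-computed table, built once and reusable against any unsalted store."""
    return {unsalted(w): w for w in words}

def exposed_by_lookup(store: dict, table: dict) -> dict:
    """Accounts whose stored value appears verbatim in the pre-computed table."""
    return {user: table[h] for user, h in store.items() if h in table}

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Legitimate login check against the salted store (constant-time compare)."""
    return hmac.compare_digest(salted(password, salt), stored)

def demo() -> dict:
    table = build_lookup(COMMON)
    weak = {u: unsalted(p) for u, p in USERS.items()}
    salts = {u: os.urandom(16) for u in USERS}
    strong = {u: salted(p, salts[u]).hex() for u, p in USERS.items()}
    return {
        # Unsalted: one table lookup per account, no guessing needed.
        "weak_exposed": exposed_by_lookup(weak, table),
        # Salted: the same table matches nothing; it would have to be rebuilt per salt.
        "strong_exposed": exposed_by_lookup(strong, table),
        # Unsalted stores also reveal which users share a password.
        "weak_duplicates": weak["alice"] == weak["bob"],
        "strong_duplicates": strong["alice"] == strong["bob"],
        "login_ok": verify("letmein", salts["alice"], bytes.fromhex(strong["alice"])),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt does not make a weak password strong: it only forces each guess to be recomputed per account, which is why it is paired here with a deliberately slow key-derivation function.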