Introduction
Passwords are a form of user authentication on a computer system. Users of a system can authenticate themselves using several techniques; for instance, users can prove their identity using personal attributes such as a fingerprint, or use a feature known only to the user. The main objective of user authentication using passwords is to allow the password to be changed in case it is compromised. Password cracking is the act of gaining access to passwords that have been stored in a data file or transmitted by a system. Passwords are cracked to help system users recover forgotten passwords, to gain access to a computer system without authorization, and by system administrators to check for weak passwords that are easy to crack. Password cracking is also the attempt to guess password characters to access a computer network or system. Cracking passwords involves the use of various techniques, such as scripts and software, that help crackers access passwords. The aim of a password cracker is to get the root password in UNIX and administrator passwords in Windows systems. Password crackers work by comparing every encrypted dictionary word with the entries found in the system password file (Aggarwal, Houshmand & Weir 2018). The comparison continues until a matching password entry in both files is found. Several password-cracking techniques are discussed below.
Guessing
Although computer scientists have invented advanced password cracking techniques and programs, sometimes the most effective way to crack passwords is to apply logic or guess the passwords that are commonly used. Many users lack knowledge about the importance of security and find it annoying to use more complex passwords. As a result, they use passwords that they can remember easily and that are therefore easy to guess. For example, users tend to use "password" as the password, a password similar to the username, the name of the system user, birth dates, ID numbers, pet names, etc. This technique can work more effectively than using software tools, but it is best suited to cases where the password cracker knows the user. Another condition that favors this method is that average system users do not like using different passwords for different accounts. Therefore, if the cracker can figure out the password for one of the user's accounts, he/she can easily access many other areas protected by passwords using a single password (Hitaj, Gasti, Ateniese, & Perez-Cruz 2017).
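The guessable choices listed above can be rejected when a password is set. The following check is an added example, not part of the original essay; the function names, the small common-password list, the minimum length and the sample inputs are all constructed assumptions.

```python
import re

MIN_LENGTH = 8  # assumption: the essay's "more than seven characters"
# Constructed sample list; a real deployment loads a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

def _alnum(value):
    """Lower-case and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", value.lower())

def _core_word(password):
    """Strip digits/symbols from both ends: 'Password123!' -> 'password'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())

def weak_password_reasons(password, username, personal_facts=()):
    """Return the reasons a candidate is guessable (empty list = accepted)."""
    reasons = []
    flat = _alnum(password)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    # Catches both the bare word and the word with digits/symbols added
    # at the start or end.
    if flat in COMMON_PASSWORDS or _core_word(password) in COMMON_PASSWORDS:
        reasons.append("commonly used password")
    user = _alnum(username)
    if user and user in flat:
        reasons.append("contains the username")
    # personal_facts: names, pet names, birth years, ID numbers known to the system
    for fact in personal_facts:
        token = _alnum(fact)
        if len(token) >= 3 and token in flat:
            reasons.append("contains personal detail: " + fact)
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Password123!", "alice2024", "correct horse battery staple"):
        print(candidate, "->", weak_password_reasons(candidate, "alice", ["Rex", "1990"]))
```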
Dictionary Attacks
This method uses a program that tries a word list against the program or interface that is preventing a cracker from accessing some data. Many simple crackers using this technique rely on common single words or a dictionary. Advanced crackers use the list of single words mixed with numerical characters and symbols at the end or start of the guessed passwords. This method relies only on words that are supplied by the user, and in case of misspelling, the cracking can never succeed (Genc, Kardas, & Kiraz, 2017).
Brute Force
Brute force password-cracking methods are the final option because they are the least effective of all the methods. Brute force essentially means trying all possible combinations of passwords. The method is efficient if the password length is short, but would be infeasible to use in modern systems that require passwords of more than seven characters. Assume a password consists of capital or small letters; this would take 26^7 trials, which computes to 8,031,810,176 guesses. This method also assumes the cracker is aware of the number of characters in a password. The main advantage of the brute force cracking technique is that it will always succeed in cracking a password, no matter how long it may take or how complex the password is (Abdou, Barrera, & van, 2016).
Real Life Example of Password Attack
According to a 2017 report by Verizon, the network of an unnamed university received a very large number of Domain Name Service requests for seafood restaurants. Although it appeared to be a student prank, it was an attack from outside hackers who utilized 5000 IoT (Internet of Things) devices such as lighting systems and vending devices. The hack succeeded through a brute force attack, which leveraged the weak passwords set by users so that malware could be released onto the university network and bring it to a standstill. The network system used such weak passwords that hackers easily accessed the network and damaged it. Essentially, it is important to cultivate a culture of security in ourselves through our devices and bear in mind the consequences of weak security measures. Therefore, network and computer systems should enforce strong and salted user passwords to avoid cyber-attacks (Verizon Communications Inc., 2017).
Conclusion
Technologies that create a scheme for password storage that can withstand attacks within a reasonable time have existed for a long time. The prevalence of password hash attacks can be attributed to laziness or ignorance on the part of the designers of the administrative systems that store the passwords. Laziness and ignorance on the part of system users have also escalated the prevalence of attacks on passwords. Several precautions need to be taken to make computational attacks almost impossible. Such precautions include designing systems that store salted password hashes, using long passwords that draw their characters from a large search space, and taking physical precautionary measures such as ensuring nobody is watching as you type your passwords. All these measures would prevent attacks and reduce the financial viability for the attackers.
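The salted storage recommended above, shown beside an unsalted hash for contrast. This is an added example, not part of the original essay; it uses PBKDF2-HMAC-SHA256 from the Python standard library, and the record format, iteration count and function names are assumptions of the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumption: work factor chosen for this example

def unsalted_hash(password):
    """Weak scheme: identical passwords always yield identical stored values,
    so one hashed dictionary word can be compared against every entry."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    """Salted, slow hash; returns 'algorithm$iterations$salt$digest'."""
    salt = secrets.token_bytes(16)  # fresh random salt for each stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        iterations = int(iterations)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if algorithm != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    # Constructed sample password: two users who chose the same one.
    first, second = hash_password("hunter2"), hash_password("hunter2")
    print("unsalted values equal:", unsalted_hash("hunter2") == unsalted_hash("hunter2"))
    print("salted records equal: ", first == second)
    print("verifies:", verify_password("hunter2", first))
```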
References
Abdou, A. R., Barrera, D., & van, O. P. C. (January 01, 2016). What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks.
Aggarwal, S., Houshmand, S., & Weir, M. (2018). New Technologies in Password Cracking Techniques. In Cyber Security: Power and Technology (pp. 179-198). Springer, Cham.
Genc, Z. A., Kardas, S., & Kiraz, M. S. (2017, September). Examination of a new defense mechanism: Honeywords. In IFIP International Conference on Information Security Theory and Practice (pp. 130-139). Springer, Cham.
Hitaj, B., Gasti, P., Ateniese, G., & Perez-Cruz, F. (2017). Passgan: A deep learning approach for password guessing. arXiv preprint arXiv:1709.00440.
Verizon Communications Inc (2017). Data Breach Digest. [online] Los Angeles: Verizon Publisher. Available at: https://www.verizon.com/about/sites/default/files/2017VerizonAnnualReport.pdf [Accessed 24 Nov. 2018].
Cite this page
Essay Sample on Password Cracking Attacks. (2022, Oct 21). Retrieved from https://proessays.net/essays/essay-sample-on-password-cracking-attacks