There are two main techniques for password hacking commonly used by hackers today.
Password Recovery Technique:
In this technique the hacker tries to fool your computer into believing him to be a genuine administrator. There are several programs available for password auditing and recovery, such as L0phtCrack, John the Ripper, and Cain, some of which use password design vulnerabilities (as in the Microsoft LAN Manager system) to increase efficiency. Some are useful to system administrators, because any password that can be found using one of these programs is most definitely a weak password and should be rejected as an acceptable password choice.
Brute Force Technique:
The technique wherein the hacker takes multiple tries at your password repetitively (sometimes up to thousands of tries per minute) is called “Brute Force”. Brute force hackers use a dictionary called a “Brute Force dictionary”. These are software tools that are capable of recombining English dictionary words in a variety of ways. Generally these dictionaries begin with simple letters “a”, “aa”, “aaa” and then eventually move to full words like “dog”, “doggie” and “doggy” (Gil, 2007). Well-designed brute force dictionaries can take up to 50 tries a minute. Hence in a time span of several hours or even days, the dictionary can crack any password.
Hence a good password is one that takes the hacker days to crack.
Encryption and Master Passwords:
It is recommended to have a different password for each user account. Since it is difficult to remember numerous passwords and user accounts, one solution is to remember a single base password and a list of keywords for each user account, then encrypt the base text with the keyword by putting it through a suitable “Cipher” (encoder).
Try the Credibles’ very own password generator, which teaches you the basics of encryption.
Due to competition rules, Java applets cannot be uploaded to the Oracle ThinkQuest Server. Please download the applet files (JDK included) here.
NOTE: Enter a simple base text and keyword and take a look at the password generated.
Since the Vigenere Cipher has been used, only alphabetic strings can be handled. It is not recommended to use any of the passwords generated by the password generator as a real password: the generated password merely illustrates the encryption process and isn’t secure.
Brief description of Encryption using Vigenere Cipher:
Encryption is the conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people.
The Vigenere Cipher was developed by Blaise de Vigenere around 1586, for French diplomatic and military communications. The Vigenere Cipher uses a keyword and a 26-by-26 matrix of letters to substitute plaintext letters with ciphertext letters and vice versa. The message sender and receiver must both use the same matrix and keyword.
The matrix used for our encryption is –
The matrix contains the ciphertext letters. The lowercase letters are row and column indices.
To encrypt a plaintext letter:
Base password : JohnSmith
Keyword : Hotmail
Password Generated : QCAZSUTAV
To decrypt a message the process is reversed.
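The following Python sketch is an added example, not the Credibles' applet code. It assumes the standard Vigenere table (row i is the alphabet shifted left by i places) and reproduces the JohnSmith / Hotmail example above, including decryption; all function names are this example's own.

```python
import string

ALPHABET = string.ascii_uppercase


def tabula_recta():
    """Build the 26-by-26 matrix: row i is the alphabet rotated left by i."""
    return [ALPHABET[i:] + ALPHABET[:i] for i in range(26)]


def _letters_only(text, name):
    # The cipher handles alphabetic strings only; reject digits, symbols, spaces.
    if not text or any(c not in string.ascii_letters for c in text):
        raise ValueError(f"{name} must contain only the letters A-Z")
    return text.upper()


def encrypt(base, keyword):
    """Look up each base letter (column) in the row chosen by the keyword letter."""
    base = _letters_only(base, "base text")
    keyword = _letters_only(keyword, "keyword")
    matrix = tabula_recta()
    out = []
    for i, p in enumerate(base):
        k = keyword[i % len(keyword)]  # the keyword repeats over the base text
        out.append(matrix[ALPHABET.index(k)][ALPHABET.index(p)])
    return "".join(out)


def decrypt(cipher, keyword):
    """Reverse the lookup: find the cipher letter in the keyword row, read its column."""
    cipher = _letters_only(cipher, "ciphertext")
    keyword = _letters_only(keyword, "keyword")
    matrix = tabula_recta()
    out = []
    for i, c in enumerate(cipher):
        row = matrix[ALPHABET.index(keyword[i % len(keyword)])]
        out.append(ALPHABET[row.index(c)])
    return "".join(out)


if __name__ == "__main__":
    generated = encrypt("JohnSmith", "Hotmail")
    print(generated)                      # password generated from base + keyword
    print(decrypt(generated, "Hotmail"))  # anyone who knows the keyword gets the base back
```

The decryption call shows why the generated passwords are not secure: a keyword as guessable as the site name turns one leaked password back into the base password shared by every account.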