| • Science | • People | • Locations | • Timeline |
Passwords to access computer systems are usually stored in an encrypted or hashed form in a central database, along with the user name and system wide security policies for a specific user (such as the user's home directory, initial configuration preferences, etc). Such databases often do not store the password in any form (encrypted or otherwise), but rather use it as (or to generate) a key used to encrypt some data (eg, a string of 10 0s).
There are several ways of obtaining passwords illicitly, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing and compromising host security (see password for details). However, these methods are usually not considered actual password cracking. The term is typically limited to recovery of one or more plaintext passwords from the encrypted or otherwise secured version stored on a computer. This use of the term assumes an attacker already has access to the encrypted password, by for example reading the password storage file somehow (e.g., via a Trojan Horse or virus program, or some social engineering, etc.)
This is the most obvious method, and the only one that can be applied even to 'well-chosen' passwords which are stored in encrypted form. The attacker attempts to decrypt the password by exploiting some cryptographic weakness in the encryption algorithm. Decryption need not be a quick operation, conducted while connected to the target system. Any 'cracking' technique of this kind is considered successful if it can decrypt the password in fewer operations than would be required by a brute force attackIn cryptanalysis, a brute force attack is a brute-force search of the 'key space' (i. all possible keys) in an attempt to recover the plaintext used to produce a particular ciphertext. Note that, in most cases, recovery of the plaintext in this way is not (see below). The fewer operations required, the "weaker" the encryption is considered to be (for equivalently well chosen passwords). However, it must be kept in mind that ciphers used for password protection should have been analyzed for weaknesses extremely thoroughly by cryptographic experts before adoption as a protective measure. Hence this method is unlikely to work if such an examination has been done correctly. ProprietarySomething proprietary is something exclusively owned by someone, often with connotations that it is exclusive and cannot be used by other parties without negotiations. It may specifically mean that something is covered by one or more patents, as in propri encryption algorithms which rely on obscurityIn cryptography and computer security, security through obscurity (sometimes security by obscurity is a controversial principle in security engineering, which attempts to use secrecy (of design, implementation, etc. to ensure security''. A system relying for security are much more likely to succumb to such attacks.
Progress in cryptography has made available functions which are believed to actually be " one wayA one-way function is a function which is easy to calculate but hard to invert — it is difficult to calculate the input to the function given its output. The precise meanings of "easy" and "hard" can be specified mathematically. With rare exceptions, almo" hashesA hash function is a function that converts an input from a (typically) large domain into an output in a (typically) smaller range (the hash value often a subset of the integers). Hash functions vary in the domain of their inputs and the range of their ou, such as MD5 or SHA-1. These are thought to be impossible to invert in practice. (The procedure for authentication using them would be 'hash' the password again and check whether it matches the stored hash produced from the original password.) When quality implementations of good one-way functions are correctly used for authentication, password cracking through decryption can be considered infeasible.