2 Attacks for Password Cracking
Passwords can be hacked with a variety of techniques. Factors that are often targeted for exploitation is carelessness user and system weaknesses.
Before discussing how to secure password, we would like to discuss the technique of attacks on passwords. Thus, the material is clear and you know why securing passwords truly important.
2.1 Brute Force Attack
Brute force is a technique to break passwords by trying to enter multiple passwords repeatedly and automatically. The success of this method is determined by the strength of weak passwords. If the character to write down the password only slightly, for example 1-4 letters, it can easily be hacked within minutes. The longer the password, the longer the process.
To find out how long it takes to break the password by brute force, you can count broken-down secret password and anticipation alone with Brute Force Calculator application. You can calculate it directly by opening a website address lastbit.com/pswcalc.asp.
Below is an example of calculating the time it takes to break the password with a password length of 10 characters, speed 500000 brute force passwords per second.
 |
| 2.1 Calculating the length of perforated passwords with brute-force attack |
In practice, the length of time it takes to break the password with the same number of characters can vary. On the way, it could be the password entered by the application of brute force is correct.
The following table lists the types of files that are often protected by a password.
To break the password files documents with a brute force attack, you can use various types of software.
2.2 Dictionary Attack
Slightly more sophisticated ways to break the password is to use a dictionary (dictionary). This technique is similar to a brute force attack. If brute force to try to break the password with all possible characters, this technique uses a dictionary (dictionary) so that not all of the characters will be put away. Only certain words or combinations of certain characters
used.
This technique is easier to break the password if the user uses the word or standard character. For example, a combination of letters that is predictable, the word in the Indonesia/English, the name of the area.
2.3 Keylogger
Keylogger is a device for recording a combination of letters / characters typed by the user via the keyboard. Keyloggers can be either software (software) and hardware (hardware).
By recording and analyzing the user typed letter, you can estimate the password used by the user.
In the form of a hardware keylogger is difficult to detect. In contrast with keylogger software that may still be recognized by the application that is able to see the process (process) on the computer.
Hardware can be either the keyboard itself which also serves as a keylogger. Of course this type of keyboard is not widely circulated in the market.
 |
2.2 The keyboard is equipped with a keylogger.
Looks like a regular keyboard
|
There are also additional hardware that can be attached to the computer and will record the keystrokes that you make.
 |
2.3 Example USB flash disk that also serves as a keylogger
www.keelog.com/
|
2.4 Social Engineering
Social engineering is an engineering approach to manipulate other people so willing to give the password. This technique is more to do with social relationships, and don't have to use hacking techniques.
Social engineering can be done by means of deceptive telephone, e-mail, website, and direct communication. For example, you can peek the password being typed someone by pretending to accompany him surfing.
While social engineering through website, email, and telephone can be done with fraud. In essence, you pretend to be someone who has the authority, for example, Administrator, and then asks the user tell the password.
2.5 Phishing
Phishing is derived from the word fishing, which means fishing. Phishing is done by the user so that the user lure deceived and want to type in the password. The way is often done with a phishing email and website.
Phishing e-mail is done by sending an email to potential victims. In the email content is already included a link (link) which is used to deceive the victim.
For example, provided a link to mail.yahoo.com. Though these links do not lead to Yahoo; but to other websites with a view similar to the Yahoo Mail. Once the user deceived and type in the password, then the password has been recorded and can be used by other parties.
2.6 System Weaknesses
There are still many users who are not familiar with the system they use. As a result, users of this type are very vulnerable to security attacks.
Example: Many people still do not know that Firefox can save passwords. If not careful, the password can be stored so that it can be opened joined by others.
2.7 Sniffing
Sniffing is a technique to observe the flow of data passing through the network. In other words, sniffing can also be used to extract confidential data including passwords.
Hi. I’m Designer of Blog Magic. I’m CEO/Founder of ThemeXpose. I’m Creative Art Director, Web Designer, UI/UX Designer, Interaction Designer, Industrial Designer, Web Developer, Business Enthusiast, StartUp Enthusiast, Speaker, Writer and Photographer. Inspired to make things looks better.
0 komentar:
Posting Komentar