•Find a valid user
•Find encryption algorithm used
•Obtain encrypted passwords
•Create list of possible passwords
•Encrypt each word
•See if there is a match for each user ID
•Repeat steps 1 through 6
However, the vulnerability does not arise from the hashing process but from the storage. Most systems do not "decrypt" the stored password during authentication, but store the one-way hash. During the login process, the password entered is run through the algorithm generating a one-way hash and compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied. Therefore all that an attacker has to do in order to crack a password is to get a copy of the one-way hash stored on the server, and then use the algorithm to generate his own hash until he gets a match. Most systems - Microsoft, UNIX, and Netware have publicly announced their hashing algorithm.
Attackers can use a combination of attack methods to reduce the time involved in cracking a password. This is where automated password crackers come into action. There are freeware password crackers available on the Internet for NT, Netware, and UNIX. Not to be forgotten that there are password lists that can be fed to these crackers to carry out a dictionary attack.
0 comments:
Post a Comment