Choosing and managing passwords is the fundamental security measure within the client's control. Even if the application and its server are impenetrable, that means absolutely nothing if your password can be cracked by an average Joe.
You would think that all security-conscious people would know how to protect themselves, but I frequently see cases like these:
CaliConnect’s Private PGP Key Account Password Was “asshole209”
Twittor – Launched Hacked in 2 Hours (Password was: 123123123…)
Cantina Marketplace PWND: Admin Password was: “Password1” ?!
This tutorial explains password-cracking methods that work even when the server and client side are otherwise protected. The effectiveness of these methods depends heavily on the attacker's processing power, which we'll analyze after covering the attack methods.
If you just want an easy way to be safe, jump to the 'Easy way to manage strong passwords' section.
Brute Force Attack
A brute-force attack is a technique of enumerating all possible password candidates and checking each one. It is not an elegant attack method, but sometimes it's all that's needed. This attack is feasible only against very weak passwords, because the number of candidates grows exponentially with the length of the password and the size of the character set.
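To make the "feasible only for very weak passwords" claim concrete, here is an added Python example (not code from this tutorial) that estimates the brute-force keyspace of a password, its entropy in bits, and how long exhausting that keyspace would take at an assumed guess rate. The guess rate (10 billion guesses per second by default) and the tiny common-password list are constructed assumptions for illustration; real attacker throughput and dictionaries are far larger. The headline passwords from above are used as inputs.

```python
import math
import string

# Character classes that count toward the brute-force alphabet.
CHARSET_SIZES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation), len(string.punctuation)),  # 32 ASCII symbols
]

# Constructed stand-in for an attacker's dictionary: a handful of guesses
# that would be tried long before any exhaustive search starts.
COMMON_PASSWORDS = {"password", "password1", "123123123", "123456", "qwerty", "letmein"}

SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the smallest alphabet an attacker must assume to cover every character."""
    size = sum(n for chars, n in CHARSET_SIZES if any(c in chars for c in password))
    # Characters outside the four classes (e.g. non-ASCII) each widen the alphabet by one.
    others = {c for c in password if not any(c in chars for chars, _ in CHARSET_SIZES)}
    return size + len(others)


def keyspace_size(password: str) -> int:
    """Number of candidates a brute-force search must try in the worst case."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """Brute-force entropy: length * log2(alphabet). Zero for the empty password."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to enumerate the whole keyspace at a given guess rate."""
    return keyspace_size(password) / guesses_per_second


def assess(password: str, guesses_per_second: float = 1e10) -> dict:
    """Defender-side check: dictionary hit first, then brute-force exhaustion time."""
    in_dictionary = password.lower() in COMMON_PASSWORDS
    seconds = seconds_to_exhaust(password, guesses_per_second)
    if in_dictionary:
        verdict = "weak: found in common-password dictionary"
    elif seconds < SECONDS_PER_YEAR:
        verdict = "weak: brute-forceable in under a year at the assumed rate"
    else:
        verdict = "acceptable against brute force at the assumed rate"
    return {
        "keyspace": keyspace_size(password),
        "entropy_bits": round(entropy_bits(password), 2),
        "seconds_to_exhaust": seconds,
        "in_dictionary": in_dictionary,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for pw in ["123123123", "Password1", "asshole209", "Tr0ub4dor&3!"]:
        result = assess(pw)
        print(f"{pw!r}: {result['entropy_bits']} bits, "
              f"{result['seconds_to_exhaust'] / 86400:.1f} days -> {result['verdict']}")
```

Note that entropy is computed from the alphabet an attacker must assume, not from any "cleverness" of the password; `Password1` scores 53.6 bits on paper but is rejected immediately because the dictionary check runs before the brute-force estimate, which is exactly the order a real attacker uses.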
A dictionary attack is a variant of the brute-force attack in which the attacker gathers all available information about the targeted password(s) and builds a 'dictionary'. A dictionary is a customized list of password candidates, typically