mesvak 362 [hide] 1. Dictionary attack : The dictionary attack uses a simple file containing words that can be found in a dictionary, hence its rather straightforward name. In other words, this attack uses precisely the kind of words that many people use as their password. Cleverly grouping words such as "letmein" or "superadministratorguy" will not prevent your password from being cracked this way – well, not for more than a few extra seconds. 2. Brute force attack Similar to the dictionary attack, the brute force attack comes with a bonus for the hacker. Instead of only using words, a brute force attack lets them detect non-dictionary words by working through all possible alpha-numeric combinations from aaa1 to zzz10. It’s not quick, provided your password is over a handful of characters long, but it will uncover your password eventually. Brute force attacks can be shortened by throwing additional computing horsepower, in terms of both processing power – including harnessing the power of your video card GPU – and machine numbers, such as using distributed computing models like online bitcoin miners. 3. Rainbow table attack Rainbow tables aren't as colourful as their name may imply but, for a hacker, your password could well be at the end of it. In the most straightforward way possible, you can boil a rainbow table down into a list of pre-computed hashes – the numerical value used when encrypting a password. This table contains hashes of all possible password combinations for any given hashing algorithm. Rainbow tables are attractive as it reduces the time needed to crack a password hash to only just looking something up in a list. However, rainbow tables are huge, unwieldy things. They require serious computing power to run, and a table becomes useless if the hash it's trying to find has been "salted" by the addition of random characters to its password ahead of hashing the algorithm. There is the talk of salted rainbow tables existing, but these would be so large as to be challenging to use in practice. They would likely only work with a predefined "random character" set and password strings below 12 characters as the size of the table would be prohibitive to even state-level hackers otherwise. 4. Phishing There's an easy way to hack: ask the user for his or her password. A phishing email leads the unsuspecting reader to a faked log in page associated with whatever service it is the hacker wants to access, requesting the user to put right some terrible problem with their security. That page then skims their password, and the hacker can use it for their purpose. Why bother going to the trouble of cracking the password when the user will happily give it to you niga anyway? [/hide] Quote Share this post Link to post Share on other sites