Verfügbare Informationen zu "Understanding Password Cracking"
Qualität des Beitrags: Beteiligte Poster: 4dministr4t0r Forum: Newcomer - Board Forenbeschreibung: Forum für alle "Newcomer" (Alter, Geschlecht etc. egal), die sich im Bereich Systemsicherheit weiterbilden wollen. Chatten könnt Ihr am Ende der Seite! aus dem Unterforum: Tutorials (Info-Texte) Antworten: 1 Forum gestartet am: Samstag 23.12.2006 Sprache: deutsch Link zum Originaltopic: Understanding Password Cracking Letzte Antwort: vor 17 Jahren, 4 Monaten, 7 Tagen, 14 Stunden, 7 Minuten
Alle Beiträge und Antworten zu "Understanding Password Cracking"
Re: Understanding Password Cracking
4dministr4t0r - 26.12.2006, 20:43Understanding Password Cracking
##############################################################################################
Alle hier geposteten Tutorials sind im www zu finden und nicht von mir. Sie werden unverändert hier dargestellt.
Wir weisen ausdrücklich darauf hin, daß wir mit dieser Ansammlung nicht zu Straftaten aufrufen oder animieren wollen!!!
Alle Tutorials dienen ausschließlich zu Informationszwecken.
Solltest Du ein von Dir erstelltes Tutorial hier finden und mit der Veröffentlichung bei Hackressort nicht einverstanden sein, schick mir eine PM oder Email.
Das Tutorial wird dann entfernt.
Hackressort-Team
##############################################################################################
Understanding Password Cracking
UNIX SECURITY --- 12/13/2001
-------------------------------
Before you can protect your users' passwords, you need to understand
how potential intruders crack them.
In an earlier article, I discussed how Unix passwords are stored. I
touched on basic cryptography and discussed how using smart password
storage systems, such as using shadow passwords, will enhance a
computer system's security. But what are we protecting our systems
from in the first place? How does cracking passwords work?
As I discussed earlier, there are three fundamental techniques to
encryption: Symmetric key-based algorithms, asymmetric key-based
algorithms, and one-way hash functions.
Symmetric key-based algorithms use the same key to encrypt and
decrypt information. If I encrypt a block of text such that A is
encrypted as N, B is encrypted as O, C is P, and so on, then to
figure out what UV ZBZ means, I only need to use the same key that
initially encrypted the text to decrypt it.
Asymmetric key-based algorithms use a different key to encrypt
information from the one used to decrypt it. Asymmetric cryptography
has received a lot of press in the last few years due to the
popularity of public-key implementations such as PGP, which allow
encrypted information to be shared without having to share a single
secret key.
Unix passwords are stored in the form of a one-way hash function. One-
way hash functions are unique in cryptography because, unlike the other
fundamental techniques of cryptography, they use no key at all. They
work by encrypting two strings and comparing them to see if they're the
same in encrypted form.
That's all well and good, but what does it mean in the real world? If
one-way hash functions have no key, then how can they be cracked? We
understand that when we enter our passwords in to a Unix system to log
on, the system never actually sees the password. The computer stores
the password encrypted with a hash function; when we type in a password,
the computer encrypts it with the same hash function and compares the
results. To crack a password then, the cracking program uses what's
known as a 'dictionary attack'.
A dictionary attack uses a large list of words and encrypts them using
the same hash function the computer uses to encrypt passwords. Then,
just as in normal password situations, the cracking program compares
the encrypted word with the encrypted string stored in the password file.
In order for this to work, the attacker must have access to the password
file and a word list that includes the password for the account the attacker
wants to compromise. To counter the first component, make sure your Unix
server is using shadow passwords or some other secure authentication scheme.
The second aspect of this explains why security experts always encourage
their users to select a good password. If your password is any word out
of a dictionary -- even a foreign dictionary -- or a common word that has
been modified in a simple way (such as by adding a period or numeral at
the end), then the chances are that a dictionary attack can break it in a
matter of seconds. Similarly, a password made up of personal information
(such as a birth date, a pet's name, or a favorite sports team) can be
easily discovered, added to a word list, and used in a dictionary attack.
We have all heard that passwords should be difficult to guess. When you
understand how passwords are stored on a Unix system and how password cracking
programs function, it's easy to understand why. A complex password leads to
far greater security, even if an attacker does get possession of the
computer's password file.
Mit folgendem Code, können Sie den Beitrag ganz bequem auf ihrer Homepage verlinken
Weitere Beiträge aus dem Forum Newcomer - Board
Steinator - gepostet von Steinator am Samstag 10.02.2007
Ähnliche Beiträge wie "Understanding Password Cracking"
invlid password - uNinho (Samstag 31.03.2007)
Komparsen für Schauspielrollen in Köln gesucht - joerg (Samstag 29.03.2008)
Understanding the Girl's Vocals - abbafreak (Donnerstag 30.11.2006)
PASSWORD zu Junge Lehrerin - natco (Samstag 18.03.2006)
Asterisk Password Reveal v.3.0 - yusufg (Donnerstag 07.09.2006)
Rebecca Ryman - Wer Liebe verspricht - Anna (Dienstag 25.03.2008)
Zip Password Cracker - krallar (Samstag 15.01.2005)
Password - Buffalo (Montag 07.05.2007)
PASSWORD zu MDaemon - natco (Freitag 17.03.2006)
Wie bekomme ich ein password? - Anonymous (Sonntag 04.06.2006)