4reg.net HOME

Solution Graphics

Callback Service

eMail*
Name*
Fon*



Password Check


How are password crack programs working?

During the registration procedure to an operating system passwords are normally stored and transfered only in encoded form. The entered password is converted by means of a one-way function (Hash). For one-way functions there is no inverse function with which from the coded character sequence the original password can be reconstructed.

With generating a new password the associated coded character sequence is stored on the system. For the future registration to the system users must enter their passwords as input into the one-way function. If the resulting initial value agrees with the value put down on the system, the access is permitted, otherwise not.

Who wants to find out the original password associated to a coded password, has to guess so long passwords and/or vary the input values of the one-way function until the initial value results as the coded password.

Password cracking programs can change the inputs importantly faster than you. These programs proceed with different strategies:
  • With dictionary attacks enormous word lists are tried one after the other. This leads frequently fast to the given initial value, because many people take the term "Password" too literally and evenly select well-known words or names. Dictionary attacks are very simple to program and run extremely fast. They find each password, which is contained in the word list.
  • With so-called brute force attacks (also mentioned "exhaustive search") all possible combinations of indications (from a selected character set) are tried one after the other. Brute force cracker are theoretical able to find any password. Depending upon used character set and length of the selected password the search can last for a extremely long time.
  • There are also crack programs which drive through a combined dictionary and brute force attack (called "hybrid cracker"). Hybrid cracker are scanning word lists and additionally add all combinations of a selected character set to the words (in front and placed behind). It is also conceivable, that hybrid cracker allow for the frequently used background to replace letters by indication (e.g. letter "O" through "0" or letter " S" through "$"). Hybrid cracker find passwords frequently faster than pure brute force cracker because many computer users use well-known personal terms like names, localities, dates of birth, car and telephone numbers as well as terms, which occur in the encyclopedia as passwords. Thus also password generations such as stephan1, stephan2, etc. do not offer the necessary protection.

How do unauthorized ones get a password?

Unauthorized ones can get passwords not intended for on different ways. One method is guessing the password:
  • Many users use words which they can note easily (e.g. from their personal environment). Thus the simplest and usually also fastest method in order to get access on a computer-system is guessing a password.
  • Simple or short passwords can be tried one after the other systematically (brute force attack). The chance of success with this method depends very strongly on the internally system password defaults (e.g. account blocking after three unsuccessful attempts).
Passwords can be picked out also from the system or along-pursued during the transmission.
  • In script or configuration files and/or in password lists deposited passwords can be picked out.
  • Keylogger are used in order to log and supervise the inputs of the users at a computer or reconstruct thus. Keylogger are used also by unauthorized ones in order to get entered passwords.
  • Via email customers are lured on falsified websites, which look very similar to the genuine. With the request to enter the User-ID and the password unauthorized ones get in such a way of access data.
  • Most providers offer their customers additionally for the conventional internet access an access over a so called proxy server. Thus the net load of the provider is reduced and the web access is accelerated. In companies however over such proxys the Internet use behavior of the coworkers is usually limited and/or controlled. Anonymous services, which help the users to protect their anonymity in the Internet, likewise work with this proxy technology. All inputs can be stored in such a way in the log files of a proxy server. By a purposeful evaluation of these log files unauthorized ones can get in such a way passwords even if the web access is done by SSL (https).
  • A Sniffer is a software, which can control (receivee , store, represent and if necessary evaluate) the data traffic of a network. With such sniffers likewise transferred passwords can be along-read. If the transmission of passwords takes place as for example with unencrypted eMail, it is in this way simple for unauthorized ones to get at passwords.
Password crack programs can be used in order to convert selected coded passwords again into a readable form.

What is the password check?

The password check is a tool to check the complexity and/or quality of passwords. By simulation of the functions of usual password crack programs you can measure how long it would last to crack your password.

Passwords are used in order to allow the owner of a certain password the access to computers or other computer systems. It should be guaranteed, that the password remains top secret and cannot be simply guessed or reconstructed. Who wants to ensure the fact that nobody comes into the possession of his password, must obey certain basic rules. This belongs, that the password is sufficient complex, so that it not can be decoded with simplest means.

What makes the password check, what does it not make?

The passwords are examined by a given pattern by us (among other things minimum length, small/capital letters, numbers, etc.). Thus one measures as many attempts would be necessary in order to crack your password. Please note however, that we compute only the number of necessary attempts (=number of all possible combinations) and a hybrid password cracker possibly the decodes the password substantially faster among other things by word lists.

Consider the following rules with the choice of your password, in order to achieve a greatest possible security:
  • minimum length of 8 characters
  • optimal length is 10 characters
  • minimum one small letter
  • minimum one capital letter
  • minimum one punctuation or one special character
  • minimum one number
  • maximally 2 characters in consequence (e.g. "sss" results in a deduction)
  • maximally 2 characters of the keyboard in consequence (e.g. "qwertz" results in a deduction)
  • maximally 2 characters of ABC and series of numbers in consequence
  • password is not simply derivable from the defined English-German dictionary
The password check gives you no warranties, but represents only a tool in order to increase the security of the password selected by you.

You have a question?


Related Links

german versionenglish version
   
»»» Sign-Up NOW! «««  |  »»» LOGIN «««
©1997-2017 by IT-NetContent Cyprus |  Imprint |  Privacy Policy |  Acceptable Use Policy |  General Conditions |  Sitemap