How do computers crack passwords?
How to crack your forgotten password
Fritzbox or Windows password, online account or Android - no matter which password you have forgotten or lost, this is how you crack lost passwords.
The preliminary remark is important: This article is not about spying on or intercepting passwords in order to gain access to third-party data - expressly not as a "desired side effect"! Rather, we want to show how you can get your data back for common devices, software, encrypted data formats and online accounts if you have locked yourself out.
This is not so unlikely, because after a two-week vacation, some PC users should no longer be able to remember their Windows password. Not to mention a zip archive that was encrypted years ago or the various Internet access points that have accumulated over the years. And if you don't always use the same password - which is strongly discouraged - or organize your access codes perfectly, you need help with remembering or resetting.
See also:The best tricks for a strong password
Passwords: the strength, the crack risk and some theory
The security of passwords and thus the risk of your own access codes being cracked are an extremely complex matter. Beyond all theory, developments over the past few years have had a significant impact on the likelihood of your passwords being outwitted and thus gaining personal data, shopping accounts or even your entire digital identity. A long password with various tricks is only supposedly secure - we'll show you why.
On the one hand, the available performance of a small network of computers with two dozen graphics cards is so great that even an eight-digit password can be cracked after a few hours simply by trying it out. It can now be argued that increasing the password length drastically increases the number of attempts and thus the time for such a brute force attack.
That is true, but only in theory. Because the hackers have long been using other methods, and even rainbow tables, which have already stored a large number of password hash values and thus considerably shortened the time for an attack, have lost their importance.
Lists with access codes accelerate the hacker attacks
Not least because of the numerous online break-ins in recent years, in which the data of millions of customers was partly stolen with the access codes in clear text and later leaked, a vast number of common passwords are known.
You only need to combine these with multilingual, complete dictionaries in order to then carry out attacks with these “most likely” expressions: A few million expressions are processed faster than a quadrillion of systematic attempts. But that's not all, because the captured lists also show much-used patterns. Simple phrases like "12345 ..", "Password" or the names of partners, children or pets are on the decline, but simple changes to common words and other patterns are still the order of the day. For example, the replacement of letters according to the “1337 Speak pattern” is popular: The “pocket calculator” then becomes “745ch3nr3chn3r”, and even the frequently used extension with the service or domain name would result in an expression at the online retailer Amazon 21 positions. Such an access code is still of little value because such “rules” have long been taken into account in dictionaries.
In addition, there are insecure systems: Android blocks the lockscreen for just 30 seconds if an incorrect unlock code has been entered five times. If the entries are made automatically, a 4-digit combination is outwitted after 17 hours at the latest. The keyboard robot USB Rubber Ducky (35 euros) does this automatically. Only the new Android version 6.0 ("Marshmallow") increases the protection somewhat; iOS and Windows Phone are much safer here.
Locked Out: How to Reset Your Online Account Passwords
We have now presented some background information on passwords, including attacks, and the box below explains the various options for creating passwords. Now it's about resetting passwords. A common and at the same time simple case are online accounts from A for Amazon to Z for Zattoo. All these services allow the password to be reset via the stored email address. The individual link then contained in an automatically generated message gives the user the opportunity to set a new access code. This illustrates the central importance of the mailbox used: if an attacker knows the password for this account, he can easily access other services using the reset function. Choose particularly secure protection here.
In addition, there are other fallback mechanisms such as generating a security code via app or sending via SMS. This is a way that is independent of the PC and the Internet. Google and other companies even allow such a two-factor login as a standard method; it can be set up in the account settings. Standard questions, such as those about your favorite food, the name of your mother or the primary school, offer hardly any effective protection. Because the answers - provided you answer them truthfully - are often easy to find out through social engineering.
On the one hand, forgotten access codes for online services can be easily reset and thus "cracked", on the other hand, unlike offline attacks, companies quickly notice systematic attacks because they run through their infrastructure. Significantly more danger threatens when thieves break into the IT systems of such companies, steal customer data and then attack them offline without being noticed. Here you have all the tools and time in the world.
Web authentication:Why the password won't die out anytime soon
Hacker paragraph: tools to crack allowed?
According to Section 202c of the Criminal Code, spying on or intercepting passwords with the aim of gaining access to further data is prohibited. This also applies to the corresponding software: Anyone who creates computer programs whose purpose is the commission of such an act, procures them, sells, transfers, disseminates or otherwise makes accessible to another person will be punished with imprisonment for up to one year or with a fine, it says in the current criminal code ("hacker paragraph").
Then aren't all of the cracking tools listed illegal? No, the Federal Constitutional Court ruled. "Dual Use Tools", which can be used both for the security analysis of networks and for the commission of criminal offenses according to the provisions of the Criminal Code, do not represent suitable objects in the sense of § 202c. This type of software was not developed with the intention of doing so The Karlsruhe judges ruled that they were to be used for spying on or for intercepting data. However, you may only use the software to crack your own passwords - otherwise you will be liable to prosecution!
Microsoft Office password cracker
Word, Excel and Powerpoint offer to encrypt a document and to provide it with a password, without which it cannot be opened. To do this, click on “File” in the current versions and then in the “Information” section you will find the command “Protect Document” (Word), “Protect Workbook” (Excel) or “Protect Presentation” (Powerpoint). Please select the option "Encrypt with password" to save the file.
This password protection has been around in Office for a long time. Up to version 2003 he used a 40-bit long key that could be cracked relatively quickly. From version 2007 Microsoft built in the encryption method AES-128 with the hash function SHA-1. Since Office 2013, the programs have been using AES-128 with SHA-2, an encryption that can only be cracked with considerable effort. For this reason, the available password crackers for the most part only work with the older versions of the Office files.
Warning: cost traps
- Grow the German language
- Are similar to Brunei and Singapore
- Did Ronaldo win the Champions League
- What is your favorite Indian airline
- What is the difference between cream and lotion
- Did John Lennon beat his children
- What is a so called false christian
- Are there conservative atheists in America
- What religions and civilizations worship nature
- Why are prehistoric creatures always very large
- Why is India not attacking Pakistan because of PoK
- What song would be your nightmare subject
- Why do Kashmiri hate modes
- What quality distinguishes Indians from others
- Who is the most dangerous person alive
- What causes borderline autism in adults
- What is an aesthetic answer
- Can a child own property
- Smoking weed causes dark circles under the eyes
- Why doesn't Mark Zuckerberg date supermodels
- What if Germany weren't united until now?
- What makes Israel's military so strong
- What is cocaine street value
- How did Vincent Van Gogh paint