Background Of Password Cracking

Passwords used to access computer systems are usually stored, in some form, in a database so that the system can perform password verification. To enhance the privacy of passwords, the stored password verification data is generally produced by applying a one-way function to the password, possibly in combination with other available data. For simplicity in this discussion, when the one-way function does not incorporate a secret key other than the password, we refer to the one-way function employed as a hash and to its output as a hashed password. Even though functions that create hashed passwords may be cryptographically secure, possession of a hashed password provides a quick way to verify guesses for the password: apply the function to each guess and compare the result to the verification data. The most commonly used hash functions can be computed rapidly, and the attacker can do this repeatedly with different guesses until a valid match is found, meaning the plaintext password has been recovered.
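The storage choice described above, from the defender's side, as an added example that is not part of the original article: a single fast, unsalted hash next to a salted, deliberately slow verifier built with PBKDF2. The record format, the iteration count and the sample password are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def unsalted_hash(password: str) -> str:
    """The weak pattern: one fast hash with no per-user data mixed in."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow verifier stored as scheme$iterations$salt$digest (constructed format)."""
    salt = os.urandom(16)  # the "other available data": random and unique per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the verifier from the stored parameters and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def seconds_per_check(fn, *args, runs: int = 5) -> float:
    """Average wall-clock cost of one verification-sized computation."""
    start = time.perf_counter()
    for _ in range(runs):
        fn(*args)
    return (time.perf_counter() - start) / runs


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample value
    # Unsalted: equal passwords always give equal stored values.
    print("unsalted records identical:", unsalted_hash(pw) == unsalted_hash(pw))
    a, b = make_record(pw), make_record(pw)
    print("salted records differ:", a != b, "| both verify:", verify(pw, a) and verify(pw, b))
    fast = seconds_per_check(unsalted_hash, pw)
    slow = seconds_per_check(verify, pw, a)
    print(f"cost per check: {fast:.2e}s unsalted vs {slow:.2e}s PBKDF2")
```

The salt makes every stored record unique even for identical passwords, and the iteration count raises the price of each verification, which is the cost a holder of the verification data pays per guess.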

The term password cracking is typically limited to recovery of one or more plaintext passwords from hashed passwords. Password cracking requires that an attacker can gain access to a hashed password, either by reading the password verification database or by intercepting a hashed password sent over an open network, or has some other way to rapidly and without limit test whether a guessed password is correct. Without the hashed password, the attacker can still attempt access to the computer system in question with guessed passwords. However, well-designed systems limit the number of failed access attempts and can alert administrators to trace the source of the attack if that quota is exceeded. With the hashed password, the attacker can work undetected, and if the attacker has obtained several hashed passwords, the chance of cracking at least one is quite high. There are also many other ways of obtaining passwords illicitly, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, timing attacks, etc. However, cracking usually designates a guessing attack.
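The failed-attempt quota and administrator alert mentioned above, as an added example that is not part of the original article: a per-account sliding-window counter replayed over constructed log lines. The quota, the window, the log layout (`timestamp account source outcome`) and all names are assumptions made for this illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5      # assumed quota of failed attempts
WINDOW_SECONDS = 300  # assumed sliding window


class FailedLoginMonitor:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # account -> deque of (timestamp, source)
        self.locked = set()
        self.alerts = []                    # what an administrator would be sent

    def record(self, ts, account, source, success):
        """Process one attempt; return False when it is refused because of lockout."""
        if account in self.locked:
            return False                    # refused even if the password is right
        recent = self.failures[account]
        while recent and ts - recent[0][0] > self.window:
            recent.popleft()                # forget failures older than the window
        if success:
            recent.clear()
            return True
        recent.append((ts, source))
        if len(recent) >= self.max_failures:
            self.locked.add(account)
            sources = sorted({s for _, s in recent})  # kept so the source can be traced
            self.alerts.append({"account": account, "at": ts, "sources": sources})
        return True


def replay(lines, monitor):
    """Feed 'timestamp account source OK|FAIL' lines through the monitor."""
    for line in lines:
        ts, account, source, outcome = line.split()
        monitor.record(int(ts), account, source, outcome == "OK")
    return monitor


SAMPLE_LOG = [  # constructed sample data; addresses are from documentation ranges
    "1000 alice 192.0.2.10 FAIL", "1010 alice 192.0.2.10 FAIL",
    "1020 bob 198.51.100.7 FAIL", "1030 alice 192.0.2.11 FAIL",
    "1040 bob 198.51.100.7 OK",   "1050 alice 192.0.2.10 FAIL",
    "1060 alice 192.0.2.11 FAIL", "1070 alice 192.0.2.10 OK",
]

if __name__ == "__main__":
    print(replay(SAMPLE_LOG, FailedLoginMonitor()).alerts)
```

This control only covers guesses made through the login interface; it does nothing once the verification data itself has been copied, which is why the storage format matters as well.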

Cracking may be combined with other techniques. For example, use of a hash-based challenge-response authentication method for password verification may provide a hashed password to an eavesdropper, who can then crack the password. A number of stronger cryptographic protocols exist that do not expose hashed passwords during verification over a network, either by protecting them in transmission using a high-grade key or by using a zero-knowledge password proof.


About the Author: David and his team developed Article Post Robot, http://www.articlepostrobot.com, the software which can post articles to hundreds of article sites and mail lists automatically.

Source: www.isnare.com