“When he reached the entrance of the cavern, he pronounced the words, 'Open Sesame!', and the door opened.”
- The Arabian Nights, Ali Baba and the Forty Thieves.
Passwords are the most common mechanism used to implement authentication. They have been used with computers from the earliest days. Password authentication is easy to implement and does not require complicated hardware or much processing power. Passwords are also non-intrusive (as compared to biometrics) and easily changed. While password authentication is simple, it also suffers from several vulnerabilities, which can be broadly classified under human and technical factors.
In this module, we will focus on the technical factors. For a digital forensics investigator, it is important to be aware of these vulnerabilities as well as the tools and techniques used to exploit these vulnerabilities to compromise/recover passwords. We will cover the use of hashing in protecting passwords, various approaches to cracking passwords, some tools and techniques used in password cracking and finally the use of salts and expensive hashing algorithms to defend against some of the technical attacks.
Download the following real collections of leaked password hashes from popular web sites and compromise as many passwords as possible. While neither collection can be cracked in a straightforward manner, you should be able to find the necessary hints by searching the Internet.