The IT Law Wiki

Definitions

A password cracker is

[a] software program designed to conduct an automated brute force attack on the password security controls of an information system by “guessing” user passwords.[1]
[a]n application that tests for passwords that can be easily guessed, such as words in the dictionary or simple strings of characters (e.g., "abcdefgh" or "qwertyuiop").[2]

Overview

Most cracking utilities can attempt to guess passwords, and can also perform brute force attempts that try every possible password. The time needed for a brute force attack on an encoded or encrypted password can vary greatly, depending on the type of encryption used and the sophistication of the password itself.

Once a weak password is discovered, an attacker can enter the computer as a normal user and use a variety of tricks to gain complete control of the computer and network.

Although intruders use such programs, they are also invaluable to systems administrators. Systems administrators can run password-cracking programs on their own encrypted password files regularly to discover weak passwords.
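The check below is an added example, not taken from the sources cited on this page. It flags the two kinds of easily guessed password named in the definitions (dictionary words and simple strings such as "abcdefgh" or "qwertyuiop") at the moment a password is chosen, and computes the size of the space an exhaustive search would have to cover. The wordlist, the substitution table and all function names are assumptions made for illustration.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "welcome", "monkey"}
# Orderings a "simple string" can follow: alphabet, digits, keyboard rows.
SEQUENCES = [string.ascii_lowercase, "0123456789", "1234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Common character substitutions undone before the dictionary lookup (assumption).
LEET = str.maketrans("@4301$5", "aaeoiss")

def is_simple_sequence(pw, min_len=4):
    """True if pw is one run along a sequence (either direction) or one repeated character."""
    s = pw.lower()
    if len(s) < min_len:
        return False
    if len(set(s)) == 1:
        return True
    return any(s in seq or s in seq[::-1] for seq in SEQUENCES)

def dictionary_base(pw):
    """Lower-case pw, drop trailing digits/punctuation, undo common substitutions."""
    return pw.lower().rstrip(string.digits + string.punctuation).translate(LEET)

def audit(pw, words=SAMPLE_WORDS):
    """Return the reasons pw is easily guessed; an empty list means these checks found none."""
    reasons = []
    if is_simple_sequence(pw):
        reasons.append("simple sequence")
    if dictionary_base(pw) in words:
        reasons.append("dictionary word")
    return reasons

def search_space(pw):
    """Candidates an exhaustive search over pw's character classes and length must cover."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return alphabet ** len(pw)

if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ["abcdefgh", "qwertyuiop", "P@ssw0rd", "Dragon123!", "Tr0ub4dor&3"]:
        print(f"{candidate!r:16} reasons={audit(candidate)} space={search_space(candidate):.2e}")
```

A password that passes these checks is not thereby strong; the search-space figure only matters once the dictionary and sequence checks come back empty.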

References
