In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.
The purpose of password cracking might be to help a user recover a forgotten password (since setting an entirely new password would require system administration privileges), to gain unauthorized access to a system, or to act as a preventive measure whereby system administrators check for easily crackable passwords. On a file-by-file basis, password cracking is used to gain access to digital evidence to which a judge has allowed access, when a particular file’s permissions are restricted.
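The preventive check mentioned above, as an added example that is not part of the original page: an administrator audits stored salted PBKDF2 hashes against a short list of common passwords. The account records, salts, iteration count and word list are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example; not taken from any real system.
ITERATIONS = 50_000  # assumed PBKDF2 work factor
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive the stored verifier: salted, iterated PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(user: str, password: str, salt: bytes) -> dict:
    """Build a stored record as a hypothetical account database would hold it."""
    return {"user": user, "salt": salt, "iterations": ITERATIONS,
            "hash": hash_password(password, salt)}


def audit(records: list, candidates: list) -> dict:
    """Return {user: matched_candidate_or_None} for each record.

    Every guess is re-hashed with the record's own salt, so the work
    grows as len(records) * len(candidates) * iterations.
    """
    findings = {}
    for rec in records:
        findings[rec["user"]] = None
        for guess in candidates:
            derived = hash_password(guess, rec["salt"], rec["iterations"])
            if hmac.compare_digest(derived, rec["hash"]):
                findings[rec["user"]] = guess
                break
    return findings


# Constructed account store: two weak passwords, one long passphrase.
SAMPLE_STORE = [
    make_record("alice", "qwerty", bytes.fromhex("00112233445566778899aabbccddeeff")),
    make_record("bob", "correct horse battery staple",
                bytes.fromhex("ffeeddccbbaa99887766554433221100")),
    make_record("carol", "123456", bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")),
]

if __name__ == "__main__":
    for user, hit in audit(SAMPLE_STORE, COMMON_PASSWORDS).items():
        print(f"{user}: {'WEAK, reset required' if hit else 'not in common list'}")
```

Because each record carries its own salt, one guess cannot be checked against all accounts at once, which is what makes the iteration count an effective cost multiplier.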
Password Recovery Services
When data is inaccessible due to a lost or intentionally hidden password, several recovery options exist.
In many instances, password recovery engineers can refine standard heuristic rules to run through likely solutions or use parts of remembered passwords to construct a more effective model. This is done through a detailed audit, which identifies likely components of the password (and, just as importantly, unlikely components of the password).
When a program uses hashing to store a password, additional options may exist. In cryptography, hashing is a method that condenses a message into a fixed-length value, and it’s commonly used to store passwords. Hashed passwords are difficult to recover, but passwords stored with certain hashing methods can be recovered by trained engineers. Specialized hardware allows our team to test anywhere from 10,000 to 40 trillion hashes per second.
Passwords with instant recovery possible
Ever hidden the front-door key under a doormat “just in case”? Believe it or not, many passwords (as well as actual encryption keys) are stored alongside the data they are designed to protect. Unsurprisingly, this strategy is known as “Keys Under Doormats”. When this strategy is used, the data is encrypted, meaning that accessing it without the key (by resetting or removing the password, for example) is not possible. However, the very fact that the key is accessible alongside the data makes the decryption instant (if not always trivial).
- Data: Encrypted
- Password: Stored alongside the data
- Data access: Instant, password can be extracted and used for decryption
There are many examples of this strategy. iCloud backups produced by your iPhone, for example, are securely encrypted with industry-standard AES-256 encryption. The decryption keys are stored on a different physical server (so at least the data is protected against physical break-ins), but are easily accessible when you’re pulling the data chunks.