Hacking Passwords

How Do Hackers Hack Your Password?


Hey everyone,
Today's topic is going to be really exciting, as I'm going to tell you how the so-called hackers actually crack our passwords. Any website you visit asks you to enter your email ID for a subscription, including ours (and please subscribe), and some websites ask you to register with them to view their content. Registering on websites which don't have a lock before their URL is not secure. Moving on, we enter our passwords on almost all websites and social media (like Facebook, Instagram and Twitter). So, are they really as secure as the companies say, or not? Let's explore.

How do websites protect your passwords?

Websites protect our passwords by using a hashing algorithm (an encryption algorithm) to store them. The text you enter as a password, for example "abc123", will be converted to its respective hash, which might be a string of numbers and letters. There are many hashing algorithms, such as SHA-1, MD5, MD6, SHA-256 and Tiger.

[Image: Hash of "abc123"]

Take the example of Gmail or Facebook: when you create a new user ID, you are required to enter your name, age, DOB, gender and then your password. The details other than your password are stored in the backend server as they are, but your password is hashed and encrypted and then stored.

We may think hashing is random, but it is not: it has a fixed set of values for numbers, symbols and letters.

So, how do hackers hack this encryption?

[Image: A password and its hash]

If a hacker managed to gain access to the back-end server of Gmail and took all your data, and then tried to log in with the hashed password, he would not be given access, because websites need the actual password to be entered on the login screen and not the hashed one. So he must convert the hash back to plain text form to gain access, but this is not possible, as a hash is a one-way function and cannot be converted into plain text form. Hashes are designed this way to ensure safety. Feeling pretty secure about your passwords, huh? Just hold on.

The hackers won't give up just yet, and you are safe only as long as the strength of your password is good.
If you are using common passwords like "abc123", "12345" or "A2Z", then the hacker can easily find the plain text behind the hash.

[Image: Easily cracking simple passwords]


Rainbow tables
The rainbow tables contain the password hashes of numerous commonly used passwords along with their plain text form. The hacker does a simple search of the rainbow table for the hash he has, and if the hash matches, he gets the plain text and has successfully hacked your password. The rainbow tables only contain very commonly used passwords like "abc123".

Now, what if the password is a really strong one like "72uhudsa#286@jk"? Then the hackers use a dictionary attack and a brute force attack.

Dictionary attack

 
In a dictionary attack there is a big wordlist containing lots of passwords, and if the hash of the password we want to crack matches the hash of one on the wordlist, then the password is successfully cracked. We can also create our own list if we know some specific details about the person, like what he likes, his pet's name or his favourite movie, as people base their passwords on these things the most. OOPS!
After forming the wordlist, we can compare the hashes to find the password. This is exactly how Elliot from Mr Robot cracks his neighbours' passwords.

Brute Force Attack

As the name says, we are attacking by force. Each and every combination of letters, symbols and numbers is converted into a hash and then compared to the password hash to be cracked. The time required depends upon the strength of the password. We are literally taking every password that can exist and comparing it. A strong password like "72uhudsa#286@jk" will take almost a trillion years to crack, whereas "abc123" will be cracked within a second.

[Image: A brute force attack on a strong password literally takes a trillion years]


Now a new method called salting has been introduced for password protection. In this method, a specific combination of characters is introduced in between the characters of your password before it is stored, so that hackers will have a really hard time cracking even a small password. For example, "abc123" will be converted to "7@fabc7@f1237@f" and then converted to a hash form which is impossible to crack.
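The difference between the table lookup described under "Rainbow tables" and salted storage, as an added example that is not code from the original post. It assumes a random 16-byte salt per user fed into PBKDF2-HMAC-SHA256 (standard practice, rather than the fixed interleaved string in the illustration above); the three-entry table, the iteration count and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a tiny precomputed table (unsalted SHA-256 -> plain text)
# built from the common passwords the article names.
COMMON = ["abc123", "12345", "A2Z"]
LOOKUP = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def store_unsalted(password):
    """Weak: the same password always produces the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None):
    """Hardened: fresh random 16-byte salt per user plus a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo():
    """Two users pick "abc123"; compare what the server ends up storing."""
    alice, bob = store_unsalted("abc123"), store_unsalted("abc123")
    salt_a, dig_a = store_salted("abc123")
    salt_b, dig_b = store_salted("abc123")
    return {
        "unsalted_identical": alice == bob,           # same hash for both users
        "unsalted_table_hit": LOOKUP.get(alice),      # found in the table
        "salted_identical": dig_a == dig_b,           # salts differ, so do hashes
        "salted_table_hit": LOOKUP.get(dig_a.hex()),  # table is useless here
        "login_ok": verify_salted("abc123", salt_a, dig_a),
        "login_wrong": verify_salted("abc124", salt_a, dig_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is stored next to the hash and is not secret; its job is to make every stored value unique so that one precomputed table cannot be reused across users.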

All this said, hackers are finding new ways to hack passwords, so to be on the safer side, change your password to a strong one by adding letters and combinations, so that it will take years to crack, and hope the hacker gives up.


Fact Flash:

A hacker named Kevin Mitnick was sent to solitary confinement for 8 months, as he somehow managed to dial into the NORAD (North American Aerospace Defense Command) modem via the payphone from the prison and communicated with the modem by whistling to launch nuclear missiles. This genius should be appreciated.




YOU CAN ALSO SUGGEST ANY TOPIC YOU NEED OR GIVE SOME SUGGESTIONS; IT WILL BE UPDATED WITHIN 48 HOURS.
.....................Keep Calm and Love Tech...................
