By cracking a hash, one has compromised another user’s authentication information. A hash can be cracked by guessing the password, hashing each guess, and comparing the guess’s hash with hash that’s getting cracked. If they are equal, the guess is the password.


Use files containing words, phrases, passwords, or any other string likely to be used as a password. Due to each word in the file being hashed, it can be compared to the password hash. If they match, that word is the password.


Tries every possible combo of characters until certain length. The password will eventually be found. However, it is best to have your password be a length that is deemed to long to be worth searching through all possible character strings.


Effective with cracking hashes of the same type. Pre-computes hashes of passwords in a password dictionary and stores them in a lookup table data structure.


Applies a dictionary or brute force attack on multiple hashes at once without having to pre-compute the hashes. A lookup table is made to map password hashes from a user’s database to a list of users who have had the same hashes. Each password guess is hashed and compared with the list of users in the lookup table to see who’s password was the attacker’s guess.


Time memory trade off technique. Similar to lookup tables except they have less cracking speed in order to have smaller lookup tables. This allows solutions to more hashes be stored in same amount of space.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.