Top Password Cracking Attacks

By retrymp3. Published in SECARMY, Aug 27, 2020.

Password attacks are one of the most common types of cyber attack the world currently faces. Data breaches happen daily, and your password may be floating around on the dark web right now without you even being aware of it. That’s how scary it is.

Let’s discuss the various types of password attacks so that you are aware of them and can take the necessary precautions.

1. BRUTE FORCE ATTACK

The basic function of a brute force attack is to guess passwords and possibly usernames. Manually guessing passwords is not really effective because it takes so much time and can be extremely tiring. So bad actors automate the process using a program or script that tries the different passwords given to it. These passwords are usually ones accumulated in a data breach. People who don’t change their passwords at least every 30 days fall victim to this.

Some popular tools used for brute force attacks: Hydra, Medusa, Patator.

2. DICTIONARY ATTACK

A dictionary attack, similar to a brute force attack, is an automated process of trying out different passwords, specifically the ones most commonly used by people on authentication portals. Most dictionary wordlists consist of credentials gained from previous data breaches or hacks, and they also contain the most commonly used passwords and word combinations. This kind of attack targets individuals who use easy-to-remember phrases as passwords.

Some popular tools used for dictionary attacks: Aircrack-ng, John the Ripper, Cain and Abel, etc.

3. MASK ATTACK

The goal of a mask attack is to drastically reduce the time it takes to crack a password. While a brute force attack tries all password combinations, a mask attack can be given specific instructions based on the information you know about a password. For example, if you know a password starts with a letter and ends with a number, you can specify this information, and the amount of time and processing power needed can be drastically reduced.

4. RAINBOW TABLE ATTACK

Most systems store passwords in the form of hashes, because it is very dangerous to store passwords in plain text. When an individual inputs a passphrase for authentication, the system computes the hash value of the provided passphrase and compares it to the hash stored in its database for that user. Authentication is successful if the two hashes match.

Rainbow tables are one type of tool developed to derive a password by looking only at a hashed value. They are not always the go-to method, as there are more straightforward methods of plaintext recovery available: the brute force and dictionary attacks discussed above are the most straightforward. But these are not practical for systems that use long passwords, because of the difficulty of storing all the available options and searching through such an extensive database to perform a reverse lookup of a hash.

With rainbow tables, much of the calculation is done before the attack takes place, making the process much faster. The downside for cyber criminals is that the space required for the possible combinations means rainbow tables can be huge, often hundreds of gigabytes in size.
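The hash storage and precomputation described above, together with the usual defence, shown as an added example that is not part of the original article: a plain precomputed lookup table (a simplification, not a real rainbow table built from hash chains) recovers an unsalted SHA-256 hash, while a random per-user salt with PBKDF2 makes the same table useless. The sample passwords, function names and the 600,000 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample list standing in for a wordlist of common passwords.
CANDIDATES = ["123456", "password", "qwerty", "letmein"]
ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example


def unsalted_hash(password: str) -> str:
    """Weak storage: one fast hash, identical for every user of this password."""
    return hashlib.sha256(password.encode()).hexdigest()


# Computed once ahead of time; reusable against any unsalted SHA-256 store.
PRECOMPUTED = {unsalted_hash(p): p for p in CANDIDATES}


def reverse_lookup(stored_hex: str) -> Optional[str]:
    """Return the plaintext if the stored hash appears in the precomputed table."""
    return PRECOMPUTED.get(stored_hex)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the user's stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    weak = unsalted_hash("qwerty")
    print("unsalted lookup:", reverse_lookup(weak))          # table hit
    salt_a, hash_a = hash_password("qwerty")
    salt_b, hash_b = hash_password("qwerty")
    print("same password, same hash?", hash_a == hash_b)     # salts differ
    print("salted lookup:", reverse_lookup(hash_a.hex()))    # table miss
    print("login ok:", verify_password("qwerty", salt_a, hash_a))
```

Because each user's salt is random, a table would have to be rebuilt per salt, which removes the benefit of doing the calculation before the attack.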

Made by retrymp3 ig: @retrymp3

