In this video, we'll see how hackers really crack passwords.
DISCLAIMER: This video is intended only to educate people about how hackers crack passwords, and about how important the strength of a password is to security.
If you are using a common password like test123456, which I used in the video, then a hacker will easily be able to recover the plain text form of your password from its hash string. This is done with something known as rainbow tables. These rainbow tables contain the precomputed password hashes of numerous commonly used passwords.
So the hacker only has to do a simple search with the password hash he has: if that hash exists in the rainbow table, the password is successfully cracked and he has it in plain text. Remember that rainbow tables contain the password hashes of only those passwords which are commonly used.
As a reference, you can go to https://crackstation.net/
If the password is not a commonly used one, then the dictionary attack and the brute force attack come into play.
In a dictionary attack, you have a wordlist. A wordlist is nothing but a huge text file with loads of passwords. In this attack, the hacker writes code which compares the password hash to be cracked with the hash of each and every password that exists in the wordlist. This attack can be target-specific as well, which means a wordlist can be built targeting an individual, provided that some basic details about him/her are known.
In a brute force attack, each and every combination of letters, symbols and numbers is converted into its hash form and then compared with the hash to be cracked. This is a much more expensive attack.
A newer technique called salting was introduced by security analysts to give hackers a hard time in cracking passwords.
In this technique, a specific combination of characters is inserted at specific positions of the plain text password before hashing.
Every company has its own salting algorithm, and they don't make their salting algorithm public.
For example, let's say Facebook's salting algorithm inserts the string f&2p at the beginning, after the third character, and at the end of the plain text password.
After salting the password, the salted password is then hashed with a hashing algorithm.
So when salting is used, rainbow tables are of no use even if the password to be cracked is a weak, commonly used one, because the hash of the unsalted password does not match the hash of the salted password.
Also, brute force and dictionary attacks are not effective at cracking salted passwords unless the hacker already knows the salting algorithm employed by the company.
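As an added example, not code from the video or its author: the hash lookup described above, run against the video's test123456, beside a password store that hashes with a random per-user salt. This goes slightly beyond the page, which describes a fixed company-specific insertion; a random per-user salt is the standard form of salting and has the same effect on precomputed tables. The tiny lookup table, the salt values and all function names are constructed for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample "rainbow table": a few common passwords and their
# unsalted SHA-256 hashes. Real tables hold billions of entries.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "test123456"]
LOOKUP_TABLE = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def lookup_plain(hash_hex: str) -> Optional[str]:
    """Reverse a hash by table lookup, as the video describes; None on a miss."""
    return LOOKUP_TABLE.get(hash_hex)


def salted_hash(password: str, salt: bytes) -> str:
    """Hash salt || password. (Illustrative: a real system should use a slow
    password hash such as scrypt or Argon2 rather than plain SHA-256.)"""
    return sha256_hex(salt + password.encode())


def store_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Record a server keeps: a random per-user salt next to the salted hash.
    The salt need not be secret; its job is to make every stored hash unique."""
    salt = os.urandom(16) if salt is None else salt
    return {"salt": salt.hex(), "hash": salted_hash(password, salt)}


def verify_password(record: dict, attempt: str) -> bool:
    """Re-hash the attempt with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    return hmac.compare_digest(record["hash"], salted_hash(attempt, salt))


if __name__ == "__main__":
    weak = "test123456"
    print("unsalted lookup:", lookup_plain(sha256_hex(weak.encode())))  # table hit
    user_a = store_password(weak)
    user_b = store_password(weak)
    print("same password, different salts:", user_a["hash"] != user_b["hash"])
    print("salted lookup:", lookup_plain(user_a["hash"]))  # None: table is useless
    print("login with correct password:", verify_password(user_a, weak))
```

Because every user gets a different salt, one precomputed table cannot serve for all accounts, and two users with the same weak password no longer share a hash.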