Password-cracking techniques – Brute force attack, Dictionary attack, Mask attack
Some of the most common, and most effective, methods for stealing passwords
Although many attacks today involve attempts to trick users into handing over their sensitive data, there are plenty of techniques available that allow hackers to be a little more aggressive.
Below are a few examples of some of the tactics used to proactively hunt for passwords, techniques that have only grown more effective with the growth of automation software.
4. Brute force attack
Brute force attacks refer to a number of different methods of hacking that all involve guessing passwords in order to access a system.
A simple example of a brute force attack would be a hacker simply guessing a person’s password based on relevant clues, however, they can be more sophisticated than that. Credential recycling, for example, relies on the fact that many people reuse their passwords, some of which will have been exposed by previous data breaches. Reverse brute force attacks involve hackers taking some of the most commonly used passwords and attempting to guess associated usernames.
Most brute force attacks employ some sort of automated processing, allowing vast quantities of passwords to be fed into a system.
5. Dictionary attack
The dictionary attack is a slightly more sophisticated example of a brute force attack.
This uses an automated process of feeding a list of commonly-used passwords and phrases into a computer system until something fits. Most dictionaries will be made up of credentials gained from previous hacks, although they will also contain the most common passwords and word combinations.
This technique takes advantage of the fact that many people will use memorable phrases as passwords, which are usually whole words stuck together. This is largely the reason why systems will urge the use of multiple character types when creating a password.
6. Mask attack
Where dictionary attacks use lists of all possible phrase and word combinations, mask attacks are far more specific in their scope, often refining guesses based on characters or numbers – usually founded in existing knowledge.
For example, if a hacker is aware that a password begins with a number, they will be able to tailor the mask to only try those types of passwords. Password length, the arrangement of characters, whether special characters are included, or how many times a single character is repeated are just some of the criteria that can be used to configure the mask.
The goal here is to drastically reduce the time it takes to crack a password, and remove any unnecessary processing.
In This Article
- 1The top 12 password-cracking techniques used by hackers
- 2Password-cracking techniques – Brute force attack, Dictionary attack, Mask attack - currently reading
- 3Password-cracking techniques – Rainbow tables, Spidering, network analysers
- 4Password-cracking techniques – Offline cracking, shoulder surfing, guessing
BCDR buyer's guide for MSPs
How to choose a business continuity and disaster recovery solutionDownload now
The definitive guide to IT security
Protecting your MSP and your customersDownload now
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now