A password is a string of characters or a word that ensures user authentication. According to historical data, the first prototypes of passwords appeared in the Roman Empire in ancient times. Polybius, an ancient Greek historian, referred to wooden tablets with a watchword written on them used by the military. In case of computers, passwords have been used since 1961. During the same period, the first attempts to crack them were recorded. For example, Robert Morris offered to hash passwords for Unix operating systems. Now passwords are widely used. Given the beginning of web 2.0 era, when numerous websites have personal cabinets or directly provide access to a mass of personal data, authentication has become a must. So some web services offer user password generators right on their sites. Usually, authorization is made with the combination of a login/phone number/email and a password.
Currently, many websites have certain requirements for the selected password. For example, it must have a minimum of 6 characters with at least one digit. Such format is chosen for a reason, since the shorter a password, the more easily it can be found out automatically. The use of many numbers, special characters, and letters in different registers will give attackers really hard times. Don’t use popular simple passwords like “admin”, “1111”, “birth date” or “name_birth date”.
Hence, you should use automatic password generators. They will allow you to pick a reliable string of characters in a simple and quick way. Such programs work based on either a certain built-in formula or user-entered data. In the first case, a password generator provides a result using its internal algorithm, which doesn’t depend on user’s actions. In the second case, you can, for example, set a number of characters, the use of both registers, and indicate which characters to use (their type or a specific list). All password generators pick random characters, therefore, the passwords they create are more reliable than existing words or phrases.
Basically, there are two approaches to password cracking – cyclic entering of different passwords and hash analysis. In the first method, different variants of a password are successively entered into a system. An attacker hopes that one of them will match yours. The second case involves hash processing, which is usually made by other methods, for example, data interception.
The time needed to pick the correct password varies greatly depending on the type of access, the use of a captcha, blocking after a certain number of attempts, 2-step authentication etc. It also depends a lot on the length and complexity of a password and the hardware used for hacking. With the development of computer technology, password cracking has considerably speeded up. Now graphics processing units (GPUs) are used as they can produce much more combinations in less time than a CPU. One of the machines that beat password search record was the specifically developed "DeepCrack", which could generate up to 90 billion keys per second. Interestingly, such machines are tested with special password generators created for that.
The main methods of password cracking: