The IT Law Wiki

Password cracker


Definitions

A password cracker is

[a] software program designed to conduct an automated brute force attack on the password security controls of an information system by “guessing” user passwords.[1]
[a]n application that tests for passwords that can be easily guessed, such as words in the dictionary or simple strings of characters (e.g., "abcdefgh" or "qwertyuiop").[2]

Overview

Most cracking utilities can attempt to guess passwords as well as perform brute force attempts that try every possible password. The time needed for a brute force attack on an encoded or encrypted password can vary greatly, depending on the type of encryption used and the sophistication of the password itself.

Once a weak password is discovered, an attacker can enter the computer as a normal user and use a variety of tricks to gain complete control of the computer and network.

While used by intruders, such programs are invaluable to systems administrators. Systems administrators can run password-cracking programs on their encrypted password files regularly to discover weak passwords.
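An administrator-side check of the two ideas above, as an added example that is not part of the wiki entry or its cited sources: it flags candidate passwords that are dictionary words or simple character strings, and estimates the worst-case exhaustive search time. The wordlist, key sequences and guess rates are constructed assumptions.

```python
import string

# Constructed sample data (assumptions, not from the page's sources).
SAMPLE_WORDLIST = {"password", "dragon", "letmein", "monkey", "sunshine"}
SEQUENCES = [string.ascii_lowercase, string.digits,
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Assumed guess rates: how the stored password is protected sets the rate.
ASSUMED_RATES = {"fast unsalted hash": 1e9, "slow salted KDF": 1e4}


def is_simple_sequence(pw, min_run=4):
    """True if the password is one run along an alphabet, digit or keyboard row."""
    p = pw.lower()
    if len(p) < min_run:
        return False
    return any(p in seq or p in seq[::-1] for seq in SEQUENCES)


def charset_size(pw):
    """Size of the character pool an exhaustive search must cover."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not (c.islower() or c.isupper() or c.isdigit()) for c in pw):
        size += 33  # printable ASCII punctuation plus space
    return size


def audit_password(pw, guesses_per_second, wordlist=SAMPLE_WORDLIST):
    """Report easy-guess findings and the worst-case exhaustive search time."""
    findings = []
    if pw.lower() in wordlist:
        findings.append("dictionary word")
    if is_simple_sequence(pw):
        findings.append("simple character sequence")
    keyspace = charset_size(pw) ** len(pw)
    return {"findings": findings, "keyspace": keyspace,
            "worst_case_seconds": keyspace / guesses_per_second}


if __name__ == "__main__":
    for candidate in ["abcdefgh", "qwertyuiop", "Dragon", "T7#kq!Zp"]:
        for label, rate in ASSUMED_RATES.items():
            r = audit_password(candidate, rate)
            print(f"{candidate!r:14} {label:20} {r['findings']} "
                  f"{r['worst_case_seconds']:.3g} s")
```

A password with any finding should be rejected regardless of its computed keyspace, because a guessing attack tries such candidates before it falls back to exhaustive search.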

References

  1. Internet Banking: Comptroller’s Handbook, at 79.
  2. Practices for Securing Critical Information Assets, Glossary, at 56.
