Whether you need to recover a forgotten password or crack one for unauthorized access, the methods available in the past have been tricky and exhausting. Recently, new ways were developed using the time-memory trade-off technique to quickly find a password on many new hash algorithms. As computer processors get faster, security upgrades to existing software are needed in order to provide better protection against these types of attacks. Many users don't always use the most secure passwords, trading security for ease of remembering, and such passwords can often be cracked with even the simplest tools available. A false sense of security is common when it comes to password selection, and if you think yours is good enough you might be surprised to find out how easily it can be cracked.

Hash types and their use

A hash is a logically calculated string of characters derived from a given pass phrase which, when processed in reverse by the specific algorithm, produces the exact same pass phrase back in its original form. In order to safely store some type of verification signature of a password without actually writing it in plain text, complex hash algorithms were created. The table below shows some modern hashes calculated for the password "example".

Type          Hash
MD2           FD7A532A863C3394B89B38D18CF12073
MD4           E1821C366558728F70E054FBF9DB7B64
MD5           1A79A4D60DE6718E8E5B326E338AE533
SHA-1         C3499C2729730A7F807EFB8676A92DCB6F8A3F8F
SHA-2(256)    50D858E0985ECC7F60418AAF0CC5AB587F42C2570A884095A9E8CCACD0F6545C
RIPEMD-160    985F45734AFE26233807C7643271D12303BC7DF0
LM            E9AF55BC61F05E33
NT            382C7BF814461D8D685CF7A7A06C8C8F
MySQL323      3E04327A42E8C920
MySQLSHA1     57237BB49761F29AB9724BA084E811D70C12393D
Cisco PIX     XVRBUk9YthB4WrIu
VNC Hash      5FAEBBD0EF0A2413

Each hash has its own formula of calculation. A longer hash string could mean that the hash type is more secure, but this is not always the case.
One problem, though a necessary function for verification in all of the hash algorithms above, is that they give out a signal when the correct pass phrase is given to them. Unavoidably, the hash string is exposed at the time of verification and can be stolen by intruders, often using a simple program. It can then be analyzed against many types of attacks and eventually broken to reveal the pass phrase used to create it. The only security left to the victim is the complexity of his/her pass phrase and the hash type used.

Dictionary attack

Probably the most conventional way to crack a password: the words found in a dictionary list are used to try every possible single word. There are many different dictionary lists available besides the typical language-specific ones, such as lists of names, slang, acronyms, abbreviations, contractions and many other forms of language use. Some newer attacks also add 2-3 digits and/or other character combinations to the beginning or the end of every word attempted, for every list. Another, somewhat slower, process is to change the case of each letter in every dictionary word, in every possible position and combination. For any of the above, a system with an approximately 3 GHz processor and 512 MB of RAM can breeze through all attempts in anywhere from a few minutes to a few hours. Obviously, not all passwords are made of dictionary words.

Brute force attack

This used to be the last option short of guessing the password yourself. The program attempts to crack the hash by trying all possible combinations of characters up to a specified length. While this can be fast enough to try 5 to 6 million 7-character combinations in one second, it can take anywhere from a few days to a few years before all of them are attempted. However, options such as indexing only lowercase and uppercase letters, or only numbers, can reduce the processing time significantly.
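To make the dictionary-attack search space concrete, here is an added example (not code from the original article or any cracking tool) in Python. It generates the mutations just described, up to three digits before or after each word and every upper/lower case combination of its letters, counts that space without enumerating it, and offers an audit function of the kind a password-policy check would use: does a candidate password fall inside the dictionary-plus-mutations space? The wordlist is a constructed four-word stand-in for a real list, SHA-256 stands in for whatever hash the system stores, and all names are this example's own.

```python
import hashlib
import itertools

# Constructed, deliberately tiny wordlist for the demo; real lists have millions of entries
WORDLIST = ["example", "password", "sunshine", "dragon"]


def case_variants(word: str):
    """Every upper/lower combination of the letters: 2**letters variants per word."""
    choices = [(ch.lower(), ch.upper()) if ch.isalpha() else (ch,) for ch in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def digit_affixes(max_digits: int = 3):
    """The empty string plus every 1..max_digits digit string."""
    yield ""
    for n in range(1, max_digits + 1):
        for digits in itertools.product("0123456789", repeat=n):
            yield "".join(digits)


def candidates(wordlist, max_digits: int = 3, toggle_case: bool = True):
    """Each word (optionally in every case variant) with digits appended or prepended."""
    for word in wordlist:
        variants = case_variants(word) if toggle_case else [word]
        for variant in variants:
            for digits in digit_affixes(max_digits):
                yield variant + digits
                if digits:
                    yield digits + variant


def search_space(wordlist, max_digits: int = 3, toggle_case: bool = True) -> int:
    """Number of candidates the generator above produces, computed without running it."""
    affixes = 1 + 2 * sum(10 ** n for n in range(1, max_digits + 1))
    total = 0
    for word in wordlist:
        variants = 2 ** sum(ch.isalpha() for ch in word) if toggle_case else 1
        total += variants * affixes
    return total


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def audit(target_sha256: str, wordlist, **options):
    """Return the candidate whose SHA-256 equals the target, or None when the
    password lies outside the dictionary-plus-mutations space."""
    for cand in candidates(wordlist, **options):
        if sha256_hex(cand) == target_sha256:
            return cand
    return None


if __name__ == "__main__":
    print("candidates for the demo list:", search_space(WORDLIST))
    print("Dragon42 ->", audit(sha256_hex("Dragon42"), WORDLIST))
```

With the four demo words the mutation rules already produce about 1.5 million candidates, which a 3 GHz machine of the era hashes in well under a minute; the count grows linearly with the wordlist and exponentially with word length only through the case toggling.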
The use of multiple computers can also save some character-crunching time: one system looks up all 5- to 6-character combinations while another checks 6 to 7 and another just 7-character strings. But much of this processing time seems wasted on cracking just one password at a time. Doing it for two passwords at the same time does the job in half the time per password, and even less if more passwords are included. But does it really save time if you just need one password? Is there another way?

Cryptanalytic time-memory trade-off attack

This method, used by RainbowCrack, was first described by Martin Hellman in 1980: a simple text-based table is used to look up the hash results. Later it was improved by the introduction of distinguished points, which reduce the search time in the table. Instead of calculating the hash for each pass phrase attempt in real time, a table with all combinations and their resulting hashes is created up front. The hash strings are stored in an indexed, searchable sequence, and once given a hash string to crack, the program quickly indexes directly to its place in the table and returns the associated pass phrase. Obviously, to store all possible hash results for a given length of characters, such tables can take a very long time to produce and often a large amount of space to store. However, once a table is created, cracking even the most complex passwords is almost instantaneous. Many tables are already available for download around the internet. The most popular are for the Windows LM hash algorithm. Because the LM hash algorithm splits the pass phrase into seven-character pieces and converts all lowercase letters to uppercase, the table only needs to be calculated for seven characters, and pass phrases of 14 characters or less can be instantly cracked. The new NT hash implemented in Windows 2000, XP and the like is much more secure.
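The time-memory trade-off is easier to see on a toy keyspace than in a downloaded multi-gigabyte table, so here is an added Python implementation of the idea (not the article's or RainbowCrack's code). It assumes a keyspace of the 10,000 four-digit PINs, unsalted SHA-256 as the hash, a reduction function that mixes the column index into the hash (the rainbow-table refinement of Hellman's chains), chain length 10 and 2,000 chains; those sizes are chosen for a quick run, not for realism. Instead of storing every (pass phrase, hash) pair, the table stores only the start and end of each chain and recomputes the rest on lookup.

```python
import hashlib
import random

# Toy keyspace for the demo: the 10,000 four-digit PINs. Sizes are constructed.
KEYSPACE = 10_000
CHAIN_LEN = 10      # t: hash/reduce steps per chain (longer = less memory, slower lookup)
NUM_CHAINS = 2_000  # m: chains kept; the table stores only m (end, start) pairs


def hash_pin(pin: str) -> str:
    """The target hash: plain, unsalted SHA-256 of the pass phrase."""
    return hashlib.sha256(pin.encode()).hexdigest()


def reduce_to_pin(digest: str, column: int) -> str:
    """Reduction function: maps a hash back into the keyspace. Mixing in the
    column index gives every column its own reduction, which limits chain merges."""
    return f"{(int(digest[:12], 16) + column) % KEYSPACE:04d}"


def build_table() -> dict:
    """Precompute m chains of t steps each; keep only end -> start. Cost: m*t hashes."""
    table = {}
    for i in range(NUM_CHAINS):
        start = f"{(i * 7919) % KEYSPACE:04d}"  # distinct starting points (7919 is prime)
        point = start
        for column in range(CHAIN_LEN):
            point = reduce_to_pin(hash_pin(point), column)
        table.setdefault(point, start)  # chains that merge keep the first start
    return table


def lookup(table: dict, target: str):
    """Recover a pass phrase for `target` if it lies on a precomputed chain, else None."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits at this column and walk the chain to its end point
        point = reduce_to_pin(target, column)
        for k in range(column + 1, CHAIN_LEN):
            point = reduce_to_pin(hash_pin(point), k)
        if point in table:
            # Candidate chain (possibly a false alarm): regenerate it from its start
            cand = table[point]
            for k in range(CHAIN_LEN):
                if hash_pin(cand) == target:
                    return cand
                cand = reduce_to_pin(hash_pin(cand), k)
    return None


def coverage(table: dict, samples: int = 200, seed: int = 7) -> float:
    """Fraction of random PINs the table recovers; below 1.0 because chains merge."""
    rng = random.Random(seed)
    pins = [f"{rng.randrange(KEYSPACE):04d}" for _ in range(samples)]
    return sum(lookup(table, hash_pin(p)) == p for p in pins) / samples


if __name__ == "__main__":
    table = build_table()
    print("stored pairs:", len(table), "of", KEYSPACE, "possible hashes")
    print("coverage on a random sample:", coverage(table))
    print("lookup of hash('4321') ->", lookup(table, hash_pin("4321")))
```

The table keeps at most 2,000 pairs instead of 10,000, and each lookup costs on the order of t squared over two hash evaluations plus one chain regeneration per hit; that is the trade-off in the name. The precomputation pays off only because the hash is unsalted and therefore identical for every user who picks the same pass phrase: with a per-user salt, a separate table would be needed for every salt value, which is why salted password hashes are not threatened by ready-made tables.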
Sadly, Microsoft decided to include the LM hash calculation along with the new NT hash for network compatibility with older Windows 9X systems, and it is on by default. To turn this option off and make Windows stop storing LM hashes, edit the registry at HKLM\SYSTEM\CurrentControlSet\Control\Lsa and create a key (not a value) called NoLmHash, reboot your machine and reset all your passwords.

With the recent introduction of BitTorrent, more and larger hash tables are beginning to pop up all over p2p networks. The ability to process large amounts of characters has also become more affordable and easily distributable across networks. One of the most strongly funded organizations capable of handling such projects is the US government, or "The Big Brother". For those who have the resources, calculating and storing tables for the most demanding hashes with lengthy pass phrases could take a few days on a few hundred networked PCs. But imagine the workings behind an undertaking such as the SETI project, where a computer program uses hundreds of thousands of PCs around the world to process data and store results, only to make them available to the host server: a server with a web-based interface to crack passwords in real time using the data across all participating PCs. Now imagine a computer virus which does the same but maliciously spreads globally, infecting millions in just a few days.

Protect yourself

Password cracking programs allow for group character selection to minimize processing time. Usually the groups are:

* 0123456789
* abcdefghijklmnopqrstuvwxyz
* ABCDEFGHIJKLMNOPQRSTUVWXYZ
* !@#$%^&*()-_+=
* ~`[]{}|\:;.<>,.?/

Choosing a password that includes at least one character from each of the five groups will keep a brute force program guessing for a long time. Try coming up with your own words, such as ones that have never been spoken by anyone and certainly are not found in a dictionary.
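Worked numbers for the brute force discussion, the LM seven-character split and the five character groups, as an added Python example (not from the original article). Assumptions: the page's 6 million guesses per second is treated as a flat rate; the fourth and fifth groups are represented together by string.punctuation (32 symbols) because the quote characters in the fifth group are ambiguous as printed; LM's alphabet after uppercasing is taken as 68 characters (digits, uppercase letters and those symbols). The functions show why a password drawn from all five groups raises the brute-force cost, and why LM throws most of that gain away.

```python
import string

# The page's five character groups, with groups 4 and 5 merged into string.punctuation
GROUPS = {
    "digits": string.digits,           # 10
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "symbols": string.punctuation,     # 32 (page's groups 4 and 5)
}
RATE_PER_SEC = 6_000_000  # page's figure of 5-6 million 7-char attempts per second, taken as flat
# LM uppercases everything, so only digits, uppercase letters and symbols remain (assumed 68)
LM_CHARSET = len(string.digits) + len(string.ascii_uppercase) + len(string.punctuation)


def charset_size(password: str) -> int:
    """Smallest union of groups a brute forcer must index to reach this password."""
    return sum(len(chars) for chars in GROUPS.values()
               if any(ch in chars for ch in password))


def keyspace(charset: int, max_len: int, min_len: int = 1) -> int:
    """Number of strings of length min_len..max_len over a charset of that size."""
    return sum(charset ** n for n in range(min_len, max_len + 1))


def seconds_at_rate(attempts: int, rate: int = RATE_PER_SEC) -> float:
    return attempts / rate


def lm_halves(password: str) -> list:
    """What LM actually hashes: uppercased, cut or NUL-padded to 14 bytes, then
    split into two 7-byte halves that are hashed independently."""
    fixed = password.upper()[:14].ljust(14, "\0")
    return [fixed[:7], fixed[7:]]


def lm_attempts(password: str) -> int:
    """Worst-case guesses to recover the password from its LM hash: each non-empty
    half is a separate search of at most 7 characters over the 68-char alphabet."""
    halves = [h for h in lm_halves(password) if h.strip("\0")]
    return len(halves) * keyspace(LM_CHARSET, 7)


def brute_force_report(password: str) -> dict:
    """Worst-case attempts against a full, case-preserving hash such as NT versus
    against LM, with the time each takes at the page's rate."""
    full = keyspace(charset_size(password), len(password))
    lm = lm_attempts(password)
    return {
        "charset": charset_size(password),
        "full_hash_attempts": full,
        "full_hash_days": seconds_at_rate(full) / 86400,
        "lm_attempts": lm,
        "lm_days": seconds_at_rate(lm) / 86400,
    }


if __name__ == "__main__":
    for pw in ("example", "Ex4mple!Passwd"):
        print(pw, brute_force_report(pw))
```

For a seven-character lowercase word the full search is about 8.4 billion guesses, under half an hour at the stated rate; a 14-character password drawn from all five groups pushes the full search to roughly 94 to the 14th power, but its LM hash still falls to two independent 7-character searches, which is the reason for the NoLmHash step above.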
The list above is also made of characters that can be typed on a standard keyboard, but there are many others found in the Windows Character Map which can be entered with a combination of keys. In the future, passwords might be replaced by fingerprint scans, face recognition, retina scans or other biometric verification. But before passwords are long gone, they will become "pass sentences" for those in need of tight security.