Passwords aren't meant to be cracked; that is why companies spend billions on encrypting files and sites etc. However, there is password cracking software out there such as 'brute force hackers' which search through dictionaries to attempt to find the correct word/key. This process is usually very laborious and fruitless, so unless it's a matter of life and death I wouldn't bother attempting it.

Just to nitpick, a brute force attack doesn't search through dictionaries.

A dictionary attack would pull words out of a list (such as a dictionary) and will try them either separately or in random combination. If, for example, your password is "Pizza", a dictionary attack would go through a list of words. If someone were to check your password hint which was "My favourite food", they might try a list of foods.

A brute force attack would simply start with the letter A, then try B, then try C, until it got to Z, then it would try AA, AB, AC and so on. I believe the term "Brute Force" refers to the fact that it doesn't rely on any "intelligence" on the cracking computer's behalf, only the raw processing power required to churn out as many attempts as possible.

In my personal experience, dictionary attacks are much faster than brute force attacks, but rarely ever work. Brute force attacks *will* eventually work, but only if you give them enough time. I've been able to crack a five letter password (no numbers or symbols) on a Windows XP user account in about 30-50 seconds on a Pentium 4. A six letter password on similar hardware takes about 2-3 minutes. Each character you add will exponentially add time to how long it will take to crack. For example, if your password is one letter long, that's 26 combinations. If your password is two letters long, that's 26^2 (676 combinations). Three letters, 26^3 (17576 combinations). Most "secure" passwords require at least six characters, one number and they encourage use of symbols. Take the standard 26 letters, 10 numbers (0-9) and, say another 10 symbols. That's 46 possible characters in a six character password. 46^6 comes out to 9,474,296,896 or roughly 9.5 billion different passwords that it could be (and that's just assuming the password is only 6 characters).

You also need to consider what is being cracked. Most websites and other similar password applications easily put a stop to this by locking you out of an account after you get the password wrong a number of times. Just to give you an idea of how effective this lockout policy is, if we assume every three incorrect attempts on a website will lock you out for 30 seconds, and the website requires at least six letters, one number and one symbol (which is our example above with 9.5 billion possible passwords), 9.5 billion divided by 3 password attempts times 30 seconds comes out to... 94,742,968,960 seconds. That's roughly 3004 years, not including any extra overhead like the time it takes your computer to generate the passwords or how long it takes for the website (or computer being cracked) to respond.

A user account on a computer will typically lock you out after several tries, but they will usually give you what they call the password hash, which can be cracked without the computer you're trying to get into.

There are many different technologies behind how passwords are designed. How a password is cracked usually depends on what it is you're trying to crack.

Wiki User

14y ago
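
The lockout policy described in the answer above (three failed attempts, then a 30 second lock), as an added example that is not part of the original answer. The class and function names are hypothetical, and the simulated attempt stream is constructed for illustration.

```python
from fractions import Fraction  # exact timestamps, no float rounding


class LockoutPolicy:
    """Server-side throttle: lock an account after repeated failures."""

    def __init__(self, max_failures=3, lock_seconds=30):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self._failures = {}      # account -> consecutive failed attempts
        self._locked_until = {}  # account -> time at which the lock expires

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt at time now."""
        if now < self._locked_until.get(account, 0):
            return "locked"      # rejected without checking the password
        if password_ok:
            self._failures[account] = 0
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            self._locked_until[account] = now + self.lock_seconds
            count = 0            # counter restarts once the lock expires
        self._failures[account] = count
        return "denied"

    def worst_case_seconds(self, alphabet_size, length):
        """Keyspace / attempts per lock * lock time, ignoring all overhead."""
        keyspace = alphabet_size ** length
        return keyspace * self.lock_seconds / self.max_failures


def simulate(policy, account, guesses_per_second, duration):
    """Count how many wrong guesses actually reach the password check."""
    checked = 0
    for tick in range(duration * guesses_per_second):
        now = Fraction(tick, guesses_per_second)
        if policy.attempt(account, False, now) == "denied":
            checked += 1
    return checked


if __name__ == "__main__":
    policy = LockoutPolicy()
    seconds = policy.worst_case_seconds(46, 6)   # the answer's 46^6 keyspace
    print(seconds, "seconds, about", int(seconds / (365 * 24 * 3600)), "years")
    print(simulate(LockoutPolicy(), "alice", 10, 60), "of 600 guesses checked")
```

A correct password submitted while the lock is active is also rejected, which is why the lock duration trades attacker throughput against legitimate users being locked out.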
