Password Cracking Systems - Research Paper Example

?Password Cracking Systems Table of Contents Password cracking is a process of accessing a computer system, network, or resource with or without making use of software applications to open a resource that has been locked with a password. In this scenario, a password cracker is a tool that is used to crack the passwords. A cracker uses a variety of tools, techniques or applications in order to get access to the system, resource or a network (Shimonski, 2002), (Liden, 2011) and (Alexander, 1997).This paper discusses the password cracking systems in detail. This paper outlines the ways a password cracking system works and their possible features. INTRODUCTION E-authentication (Electronic authentication) is a way of authenticating the client identities offered to an information system via electronic means. However, the e-authentication can create a technological issue for the reason that this procedure engages the remote or distant verification of particular people by using a digital communication network, intended for the idea of electronic administration and business. In fact, this idea offers practical directions to the corporations to authorize a single person to distantly confirm his/her uniqueness to a Federal IT arrangement. However, this way of management tackles simply customary, extensively applied techniques intended for remote verification based on secrecies. Moreover, through these techniques the person who has to be authenticated verifies that he or she recognizes or possesses a number of confidential data and information (Burr et al., 2006). In this scenario, majority of verification systems are basically dependent on secret passwords. But unluckily, the uncertainty and extent of user selected secret passwords turn out to be permanent even after a long period. In difference, a hardware development continually provides attackers growing computational control. Thus, password methods like that customary UNIX user-authentication structure are becoming unsuccessful with the passage of time (Provos & Mazieres, 2002). Password cracking is a way of trying to access or crack passwords in an attempt to enter into a computer system or a communication network. In addition, crackers usually make use of a range of scripts, tools or cracking software to break a communication system password. In this scenario, the prime objective of the cracker is to perfectly get the password of server (UNIX) or other system and for Windows and NT. Moreover, the process of password cracking starts by matching each protected dictionary word with information stored in the system secret password file so that a match could be found (Webopedia, 2011). Security management is one of the major concerns in this age of technology. However there is a large number of technology based applications those are breaking and disturbing such security settings. Password cracking systems are one of such systems those are used to breach the security of any system (Nash, 2000) and (Snyder, 2006). In the upcoming sections this paper will analyze such password cracking systems and their possible functioning. TECHNOLOGY EVOLUTION After the evolution of technology based systems microprocessors developed quickly, so does the pace of cryptographic digital software. In this scenario, speedy cryptographic technique offers a lot of chances for making application system safer. It makes encryption exploitable for a broad variety of systems. In addition, it offers superior standards of adjustable protection metrics like that secrete key length. However, growing security limitations make it very difficult to crack cryptography (or at any rate super-polynomially), dwarfing a number of advantages quickly hardware can present invaders. However, there is a security challenge in way of its implementation that is the extent and uncertainty of client selected passwords does not level in any way with computing control. Despite the fact that many systems need users to choose secret passwords for verification, some in fact acclimatize their algorithms to protect safety regardless of growing dominant attackers. In this scenario, one of the well-known adoption of passwords, and a high-quality instance of collapse to acclimatize, is the UNIX password structure. In fact, UNIX is a multi-user OS (operating system), which requires clients to confirm their identity prior to using digital system resources. Thus, the system users normally start a session by confirming their hidden passwords and usernames to a login into the system or application. In this scenario, that system or application confirms the hidden password with a file related to system password. In this case UNIX does not have plain-text hidden passwords inside this password file. In its place, it stores hashes of secret passwords, with one direction, crypt, that is able to simply be upturned by presuming user’s pre-images (Provos & Mazieres, 1999). To confirm a hidden password, the system login application muddles the password and matches the results to the suitable hash or disarray in the secret password file. In 1976, the crypt could be able to hash no more than 4 passwords for each second. As the simply recognized method of upturning system of crypt is to deduce pre-images, the algorithm produced passwords was extremely hard to recover from their hashes or muddles, consequently, the developers of UNIX experienced relaxed by leaving the password file understandable by all the clients or users. On the other hand, at the present, a speedy workstation with greatly optimized computer applications is able to carry out over 200,000 crypt processes per second. In addition, current security techniques are able to properly find out plain-text secret passwords by hashing or muddling whole word list of ordinary passwords and then evaluating the outcomes to the instances in a password file. The software crypt however yet benefits from extensive application, as well as legacy software yet compels a lot of websites to maintain their password files comprehensible by all the users. Moreover, nowadays we have verification methods considerably additional refined as compared to the UNIX password file. In fact, although, execution of such systems frequently rely upon the clients memorizing hidden passwords. However, there are substitutes, like that offering specifically confirmation hardware to clients or offering them printed record of erratically produced code for access; however these techniques normally create problems for the users or bring additional outlay. Therefore, hidden passwords carry on performing a significant role in the huge mainstream of user- authentication systems (Provos & Mazieres, 1999). The security attacks based on guessing passwords can be classified on the basis of amount of communication they need to do with a verification system. For instance, in online security attacks, the attacker has to make use of an authentication system to confirm every guess of a hidden password. On the other hand, in offline security attacks, a hacker gets secret data and information like that password hash that is helpful to him in confirming the hidden password guesses on his personal effort, with no additional access to the system. However, web based security attacks are normally drastically sluggish as compared to online attacks. In this scenario, the systems have the capability to identify online security attacks simply as well as offer protection against them by delaying the pace of hidden password scrutiny. On the contrary, the moment an online attacker has acquired hidden password confirmation data and information, the offered security a system can experience from web based attacks is the calculated cost of examining possible passwords. In this scenario, methods for extenuating the danger of web based password presumption normally desire to one of the two objectives limiting a system's vulnerability to web based attacks or growing their computational expenditure. For instance, a lot of contemporary UNIX systems at present maintain password hashes hidden from clients, storing them in a shadow password file which is not understandable rather than in the format which can be interpreted explicitly (Provos & Mazieres, 1999). PASSWORD CRACKING The process of password cracking is a common term explaining a set of methods that are utilized to get the password in an attempt to get access to information and data stored on a system. In addition, the process of password cracking exclusively denotes procedures through which a person gets a password using accessible data, deceiving a person to get a hidden password, through phishing, is not recognized to be secret password cracking. On the other hand, guessing a password on the basis of already known information of the computer system's user is recognized as information cracking, since the password is not identified earlier. In addition, most of the procedures of getting passwords engage recurring, estimating or utilizing safety vulnerabilities within the computer system. However, there are numerous other techniques of getting someone’s password. For instance, try to reach the mind of the individual whose computer system he is trying to break to forecast probable passwords. In this scenario, numbers, names of pets or respected ones, important dates, important locations, phone numbers and general usernames are all tarnished, simply guessable hidden passwords (Liden, 2011). Dictionary attack is also a well known technique for accessing hidden passwords. Seeing that many people implement a password that could be found in words or dictionary pursued by a single digit. In addition, a lot of password cracking systems positively try to go through dictionary number and words grouping in an attempt to break a hidden password. However, such kinds of dictionary based attacks are usually unsuccessful for complex passwords (i.e. lengthy passwords). But they have a tendency to be extremely efficient against some particular-word secret password (Liden, 2011). In the same way, brute-force attack is another technique of password cracking that is considerably more useful as compared to a dictionary attack. In a brute-force security attack, a computer program tries each potential character and also combining it with other characters until it finds appropriate password. In process of password breaking a brute force security attack would require to be launched throughout a lot of additional prospects previous to it could encounter the accurate hidden password. However, this technique is time consuming for the reason that there are immeasurable expected numbers, alphabets and symbols groupings that a person could utilize for the strength of password. When computers CPUs become increasingly influential, through it is progressively reasonable technique of password cracking (Liden, 2011). There is another protected password cracking technique which engages cracking the computer system's security management cryptographic hash algorithm based function. In this scenario a cryptographic hash function is a method that translates a password into a consistent length bit string or sequence. If the algorithm and function hash has been cracked, it could be used to reverse-engineer the password. However, most of the hash functions are extremely complicated and could not be broken and cracked without considerable endeavor and time (Liden, 2011). In this scenario, a skilled computer security specialist is able to crack a range of passwords; there are ways that one can adopt to deal with password cracking challenges. In this scenario, complex and lengthy passwords are for all time much better than easy passwords. In addition, the passwords that encompass uppercase and lowercase alphabets, letters and symbols are a great deal tough to crack as compared to those passwords which encompass one or two of those alternatives (Liden, 2011). PASSWORD CRACKER In fact password cracker is a system that is utilized to recognize an unidentified or overlooked password to an information system or resources of network. Additionally, it could be used by an individual cracker to get illegal access to communication resources as well as network devices. In this scenario, there are two key techniques which are utilized by the crackers in order to recognize right passwords, one is brute-force and other is dictionary investigations. Seeing that a password cracker uses brute-force attack, it executes a diverse blend of letters inside a prearranged length until it discovers the accurate grouping with the innovative technology based computer system. While performing the process of dictionary exploration, a password cracker checks every letter or symbol in the dictionary in an attempt to match it with the actual password. In this scenario, secret password dictionaries are presented for a multiplicity of subjects and arrangements of diverse issues or topics, comprising videos, political affairs and song categories (TechTarget, 2001). A number of password cracker applications programs search for mixtures of dictionary entries and statistics. For instance, a password cracker can search for ABC01, ABC02, ABC03, etc. However, this could be useful when computer system users have been recommended to competently use digits in their secret password (TechTarget, 2001). In addition, a password cracker can be able to recognize coded secret passwords. In this scenario, by recovering the password from the system's memory, the application can be capable to decode/decrypt it. Otherwise, by exploiting the similar algorithm similar to the system application, the password cracker produces an encoded edition of the password that matches to the real one (TechTarget, 2001). WAYS TO CRACK PASSWORD Information security has become one of the prime priorities for all the businesses. In addition, there are situations in which processes and methods of password cracking serve as a legal business constraint. For instance somebody formerly conversed with me for the reason that a displeased administrator modified all the security passwords prior to leaving the job. In one more condition, we got a CD with a product that we were assessing however the sender did not remember to send me the password to the .zip archive file. These are only 2 of numerous examples that have required us to look into the black-art of password decryption and cracking. However, in case of password cracking there is no accepted principle for cracking a hidden password. There are numerous different ways and techniques relying on the kinds of passwords we need to break or crack. In spite of every password breaches are divided into 4 main types: (Posey, 2011) and (Fischer, 2007) Dictionary Brute force Circumvention Decryption GOALS OF THE CRACKER The basic goal of the password cracker is to get root account security password on any operating system such as on the UNIX systems and administrator security accounts on Windows 2000 and NT operating systems. However, using a number of UNIX protection systems, the hidden passwords for clients in the controls, safety, or operating system root group may perhaps experience greater importance. As the password cracker seemingly earlier has several extents of access to the intended or destination system (the process of password cracking could simply be carried out as the attacker beforehand acquires the hidden password hashes), it is not probably fact that ordinary accounts will be of a great deal important to the interloper however the methods intended for getting passwords are the similar in spite of the target security account. The imposter or intruder is likely to require just single password aimed at an account using appropriate rights. In this scenario, extra accounts can be of some significance in preventing entrance however not probably to create a great deal realistic dissimilarity in getting access to the system at the preferred privilege point (Ken Savage Making, 2007). The password cracking program demonstrates that through the computing control presently available and for the next few years, 8 character passwords (the customary password length restraint on UNIX operating systems) could be selected that will not be broken by brute force password breaking methods however yet the majority of passwords are weakly selected and perfect for a number of conventional features (Ken Savage Making, 2007). Seeing that brute force attack is not about recognizing someone however the most vulnerable passwords, the attacker’s finest opportunity is to recognize the methods those are computationally proficient as contrasted with brute force methods as well as have a practical possibility of cracking a number of the secret passwords in the group of accounts and password hashes in their controls. By accessing, what has to be recognized and how users choose passwords, an attacker could be able to extremely augment the likelihood in their support of discovering passwords. On the other hand, by using correct methods, a number of meager passwords could be cracked within a very short interval of time (Ken Savage Making, 2007). CRACKING TOOL’S CHANCES OF BREAKING AND FLAW IN THE PASSWORD The basic problem in the user secret password system is the propensity of the majority people to choose words and names that could be found in dictionaries as their selected passwords. Frequently similar words or names are customized by implementing expected modifications to them. However, it can be in response to system needs to deviate the types of characters which are incorporated into a password. In addition, a brute force attack is often substituted with a dictionary attack. Because of its simplicity, this indicates treating every stored word in a system dictionary like a password as well as encrypting it and after that contrasting the consequential results to the hashes in the user secret password file that is being cracked by the crackers. If the attacker’s predicted hashes are found, the password is recognized. However, it is very important to know that this is simply the most basic shape of dictionary attack as well as that the actual strength of dictionary attacks originated from knowing the means wherein the majority people diverges names and dictionary words when trying to generate a password. Moreover, by implementing all the general changes to each word in the directory of electronic catalog as well as encoding every outcome the number experienced passwords increases quickly. Thus, each “intelligent” method of assessing words to conceal their source is to identify the cracking application software (Ken Savage Making, 2007). CRACKING WINDOWS PASSWORDS Cracking Windows password method engages utilizing huge lookup tables to compare encrypted passwords with the actual text typed by an individual, therefore accelerating the computations needed to crack the encrypted password. In addition, acknowledged as the time and memory transaction, the condition outlines that a security attacker with a great quantity of computer memory is able to decrease the time it spends to break a password. Therefore the effects accentuate a reality regarding which of various password security researchers have disturbed. In this scenario, Microsoft's method for encrypting passwords has a number of flaws that make this kind of methods generally efficient. Moreover, the researchers have shown that Windows passwords are not very helpful for the system protection. The usual difficulty by Windows passwords is the lack of some casual details as well as information (Lemos, 2011)." In case of password security and management Microsoft has applied two encoding systems, which are also recognized as hashing functions, to interpret and encrypt user secret passwords. First is LANMan and other is LANManager. They were implemented in Windows 3.1/95/98/Me and early NT systems to protect passwords that were used to make a connection with former Windows networks. In this scenario, the LANMan system has numerous flaws, comprising the conversion of all the characters to uppercase, dividing passwords into 7-byte portions as well as not making use of extra random factor recognized as "salt." Whereas the latest NTHash resolves the initial two flaws, but it does not make use of a casual number to create the hashes further exceptional. The similar password created on two Windows systems will forever be the similar which outlines that a password cracker is able to make a huge lookup table as well as crack passwords on some Windows systems. In this scenario, Linux, UNIX and the Mac operating systems X, insert a 12-bit salt to the computation, preparation for a brute force effort to crack the encryption attains 4,096 times more or need 4,096 times additional memory because a security attacker would need of administrator privileges in order to capture the file that holds the password security information and hashes. The basic aim of using privileges we have achieved on a particular resource to burglarize many systems. If we have burglarized a communication server and got a hash, we are able to augment our privilege and gradually shift our system throughout the network. In this scenario, system users are able to protect themselves beside the attack by incorporating special characters to a secret password. Moreover, the addition of cipher in place of alpha-numeric characters generates complication to the procedure of cracking secret passwords and cracker requires extra time or additional memory or both (Lemos, 2011). UNIX PASSWORD CRACKERS The basic purpose of UNIX password crackers is for a system's administrator to take notice and remove fragile user passwords. However, this necessitates access to the secret password hashes that contemporary UNIX systems simply offer to the system administrator (known as root). On the other hand, all the UNIX passwords cannot be broken or cracked in a realistic period (as well as this is the reason it seems sensible to implement powerful passwords).Moreover, if we are searching for a means to retrieve otherwise avoid a misplaced password, it is typically simplest to immediately alter it or request our system admin to perform this task. In case admin (root) has lost its password, there is approximately forever an approach to avoid as well as change it through physical access to the administrator system (OpenWall, 2011). There exist numerous secret password hash categories that are utilized by different UNIX editions, having different characteristics. In addition, many of them are as well utilized again on non-Unix platform. Especially, the MD5 supported password hashes that are created in FreeBSD are at the present as well utilized by Cisco IOS intended for facilitating passwords. It outlines that these password crackers can furthermore be utilized on similar passwords. In such scenario John the Ripper is a speedy password cracker, which is at the present available for several versions of UNIX operating system. In UNIX 4 cracking styles are utilized: "single crack" (obtains user passwords to attempt from information in the secret password files on their own), dictionary containing word twisting regulations, then we have the incremental form (that attempts the entire potential character groupings in a best array foundational upon numerical details), as well as outside (permits us to develop an algorithm in a programming language like C). Moreover, there is a practical password power examining component intended for PAM-aware password altering systems that could be utilized in an attempt to stop our users from selecting passwords that would be simply cracked by using programs such as Crack or John. The allocation encompasses Eric Young's fcrypt, an establishment of the customary DES-based UNIX password hashing (fairly well-organized, however normally numerous times more time consuming as compared to John the Ripper system) (OpenWall, 2011). TOP PASSWORD CRACKERS Cain and Abel Cain and Abel is one of the top password recovery systems used on Windows platform. UNIX clients frequently arrogantly declare that the most excellent open safety tools support their system first, as well as Windows communication ports are frequently a late addition. They are typically correct; however Cain and Abel is an obvious segregation. In addition, Windows only password recovery system manages a wide range of jobs. Moreover, it is able to retrieve or recover passwords by sniffing the communication network, cracking decoded secret passwords through Brute Force, Dictionary and Cryptanalysis security hits, cracking jumbled passwords, storing VoIP dialogue, disclosing password boxes, finding cached passwords as well as examining routing protocols (SecTools, 2011) and (Montoro, 2009). Image Source: http://www.oxid.it/ca_um/ THC Hydra THC Hydra is a high speed network verification cracker that manages a lot of diverse activities in general. As we need to brute force secret password crack a remote verification service, Hydra is frequently the contrivance of preference. It is to able to carry out fast dictionary attacks beside over 30 network communication protocols, comprising ftp, telnet, https, http, smb, numerous databases as well as a lot of others (SecTools, 2011). Image Source: http://www.thc.org/thc-hydra/ Aircrack Aircrack is a speedy system for cracking password available as WEP/WPA cracking tool. Aircrack is a set of systems and tools for 802.11a/b/g WEP in addition to WPA password cracking. In addition, it is able to recover a 40 through 512-bit WEP security key once sufficiently encoded packets have been collected. Moreover, it is able to as well attack WPA-1 or WPA-2 networks through superior cryptographic techniques or with the help of brute force security cracking attack. Furthermore, Aircrack system comprises aireplay, airodump, airdecap and aircrack applications (SecTools, 2011). Image Source: http://www.aircrack-ng.org/screenshots.html Airsnort Airsnort is an 802.11 WEP Encryption Cracking System. AirSnort is based on the wireless LAN or WLAN system that restores hidden encryption keys. Additionally, it was designed by the Shmoo Group and works by inactively observing broadcasts, calculating the encryption key as soon as sufficient data and information packets have been collected. We can as well be attracted in the related Aircrack cracking system (SecTools, 2011). SolarWinds SolarWinds is a glut of network screening/detection and attack tool. SolarWinds has developed and advertised numerous unique purpose applications for business systems administration. System regarding the computer along with network security incorporates numerous SNMP brute-force crackers, network detection scanners, a TCP link retune system, router password decoding, one of the best and simplest router configurations upload/download system accessible over the communication network (SecTools, 2011). Pwdump Pwdump is a window password recovery system. Pwdump is capable to remove NTLM and LanMan password based secret hashes from a Windows destination, despite of whether Syskey is permitted. In addition, it is also able to demonstrate password records if they are accessible. Moreover, it provides the information and data in L0phtcrack-compatible structure, and also is able to write down to an output file associated with windows security (SecTools, 2011). RainbowCrack RainbowCrack is a revolutionary Password Hash Cracker tool utilized at present. The RainbowCrack system is a hash cracker that exploits an enormous level time-memory transaction. Additionally, a customary brute-force-cracker tries all the probable words and texts separately, that may perhaps be time intense for difficult user’s passwords. Moreover, RainbowCrack incorporates a time memory transaction to perform all the cracking time calculations beforehand and stores the results in the form of tables known as rainbow tables. Furthermore, it takes an extended time to pre-calculate the tables however Rainbow-Crack is able to run hundreds of times quicker as compared to brute force cracker formerly the pre-calculation is ended (SecTools, 2011). Brutus Brutus is a network brute-force verification cracker for windows platform. This Windows only cracker hits besides network services of isolated arrangements attempting to estimate passwords by making use of a dictionary and transformations thereof. Moreover, it is able to up-hold POP3, HTTP, SMB, FTP, IMAP, TELNET, NTP as well as additional services. In this case no source cipher is obtainable (SecTools, 2011). L0phtCrack L0phtCrack is a well known leading Windows password cracking system. It is simple to utilize L0phtCrack through its GUI (graphical user interface) but it is somewhat restricted as compared to John the Ripper and Crack 5 in its dictionary conversion potentials. Additionally, L0phtCrack is able to attach a user related as well as specified digits and characters till the last part of the user system dictionary words. It operates in the course of whole character’s set as well as affixes each group to every dictionary word; this comprises all the letter sequences, symbols and numbers. Moreover, L0phtCrack needs smaller amount of time to execute even in seconds to process the default dictionary of almost 30,000 words and approximate one minute and a half to produce two extra letters in conjunction with the 30,000 dictionary (on a PIII 500) on the directory (Ken Savage Making, 2007). Image Source: http://www.l0phtcrack.com/learn.html JOHN THE RIPPER John the Ripper is a quick password cracker, which is currently available for several versions of Windows, UNIX, BeOS, DOS, and OpenVMS. Additionally, the basic purpose of this cracker is to identify weak UNIX passwords. Moreover, in addition to various crypts password hash types that are frequently found on different UNIX systems, supported out of the package are Windows LM hashes, as well as a lot of others with contributed patches. In addition, John the Ripper is a free of cost password cracking application system. At first John the Ripper was built for the UNIX OS, now it has the capability to execute on fifteen different operating system’s platforms (from which are architecture explicit types of DOS, UNIX, BeOS, Win32 as well as OpenVMS). John the Ripper is most well-known password contravention/ analysis system since it combines numerous password crackers into a single application. Furthermore, this system is able to automatically distinguish password-hash categories and comprises a system personalized cracker. Thus, it could be executed along with different encoded password arrangements comprising numerous crypt password hash categories which are mainly discovered on different editions of UNIX systems (Wikipedia, 2011) and (OpenWall2, 2010). Image Source: http://hackingtutorial.net/wp-content/uploads/2010/11/john-the-ripper.png The novel “features” of this application are mainly performance enhancement because of the massive utilization of improved algorithms (carrying additional intrinsic parallelism of attempting numerous applicant passwords at the low level to the coaching level), improved customized code, as well as novel hardware potential (like that AltiVec obtainable on PowerPC G4 as well as G5 CPUs). In addition, John-the-Ripper 1.7 system works a great deal quicker at Windows LM hashes as compared to John-the-Ripper version 1.6. (As John-the-Ripper is mainly a UNIX based password cracker, that has been optimizing the Windows LM hash support. However, this is not a main concern as well as therefore it was not performed ultimately for the 1.6 release.) John’s “raw” working at Windows LM hashes is currently comparable to or somewhat improved than that of saleable Windows password crackers like that LC5, as well as that’s although John trying applicant passwords in an extra refined array designed on statistical details (causing usual passwords found broken rather soon). JtR 1.7 as well enhances on the utilization of MMX on x86 as well as begins to apply AltiVec on PowerPC CPUs as cracking DES-based hashes (i.e. together Windows LM hashes plus Unix crypt- (3)) (DarkNet, 2006). CONCLUSION Password cracking is a way of trying to access or crack passwords in an attempt to enter into a computer system or a communication network. In addition, crackers usually make use of a range of scripts, tools or cracking software to break a communication system password. In this scenario, the prime objective of the cracker is to perfectly get the password of server (UNIX) or other system and for Windows and NT. Moreover, the process of password cracking starts by matching each protected dictionary word with information stored in the system secret password file so that a match could be found. This paper has presented a comprehensive analysis password cracking systems. This paper has outlines some of the important aspects of password cracking and its main advantages and pessimistic features. This paper has also assessed the evolutions and current technologies being utilized widely in password cracking. In the last section this paper has discussed top ten password cracking systems and their working processes. REFERENCES Alexander, S., 1997. Password Protection for Modern Operating Systems. [Online] Available at: http://www.usenix.org/publications/login/2004-06/pdfs/alexander.pdf [Accessed 19 March 2011]. Burr, W.E., Dodson, D.F. & Polk, W.T., 2006. Electronic Authentication Guideline. [Online] Available at: http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf [Accessed 19 March 2011]. DarkNet, 2006. JTR (Password Cracking) – John the Ripper 1.7 Released – FINALLY. [Online] Available at: http://www.darknet.org.uk/2006/03/jtr-password-cracking-john-the-ripper-17-released-finally/ [Accessed 18 March 2011]. Fischer, T., 2007. Everyday Password Cracking. White Paper. London: Information Risk Management Plc. Ken Savage Making, 2007. How to crack a computer password. [Online] Available at: http://www.kensavage.com/archives/how-to-crack-a-computer-password/ [Accessed 21 March 2011]. Lemos, R., 2011. Cracking Windows passwords in seconds. [Online] Available at: http://news.cnet.com/2100-1009_3-5053063.html [Accessed 19 March 2011]. Liden, D., 2011. What Is Password Cracking? [Online] Available at: http://www.wisegeek.com/what-is-password-cracking.htm [Accessed 18 March 2011]. Montoro, M., 2009. Cain & Abel - User Manual. [Online] Available at: http://www.oxid.it/ca_um/ [Accessed 18 March 2011]. Nash, J., 2000. Networking Essentials, MCSE Study Guide. California: IDG Books Worldwide, Inc. OpenWall, 2011. Unix Password Crackers. [Online] Available at: http://www.openwall.com/passwords/unix-crypt [Accessed 20 March 2011]. OpenWall2, 2010. John the Ripper password cracker. [Online] Available at: http://www.openwall.com/john/ [Accessed 20 March 2011]. Posey, B.M., 2011. How to crack a password. [Online] Available at: http://searchenterprisedesktop.techtarget.com/tip/How-to-crack-a-password [Accessed 20 March 2011]. Provos, N. & Mazieres, D., 1999. A Future-Adaptable Password Scheme. In Proceedings of the FREENIX Track: 1999 USENIX Annual Technical Conference. Monterey, California, USA, 1999. USENIX Association. Provos, N. & Mazieres, D., 2002. A Future-Adaptable Password Scheme. [Online] Available at: http://www.usenix.org/events/usenix99/provos.html [Accessed 19 March 2011]. SecTools, 2011. Top 10 Password Crackers. [Online] Available at: http://sectools.org/crackers.html [Accessed 19 March 2011]. Shimonski, R., 2002. Hacking techniques: Introduction to password cracking. [Online] Available at: http://www.ibm.com/developerworks/library/s-crack/ [Accessed 18 March 2011]. Snyder, R., 2006. Ethical hacking and password cracking: a pattern for individualized security exercises. In InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development., 2006. ACM, New York, USA. TechTarget, 2001. Password Cracker. [Online] Available at: http://searchfinancialsecurity.techtarget.com/definition/password-cracker [Accessed 19 March 2011]. Theoharoulis, K., Manifavas, C. & Papaefstathiou, I., 2009. High End Reconfigurable Systems for Fast Windows' Password Cracking. In FCCM '09 Proceedings of the 2009 17th IEEE Symposium on Field Programmable Custom Computing., 2009. IEEE Computer Society Washington, DC, USA. Webopedia, 2011. Password Cracking. [Online] Available at: http://www.webopedia.com/TERM/P/password_cracking.html [Accessed 18 March 2011]. Wikipedia, 2011. John The Ripper. [Online] Available at: http://en.wikipedia.org/wiki/John_the_Ripper [Accessed 19 March 2011]. Read More