- Dictionary attacks — A dictionary of possible passwords is hashed and then compared against the stored hashes.
- Rainbow table attacks — Use pre-computed tables of hash values for all hashed passwords, then look up the stored hash in this table. This can be countered with a sufficiently large salt and hash length.

Password crackers such as John the Ripper use the above techniques and exploit the fact that people tend to
choose easily guessable passwords.
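The salt countermeasure mentioned for rainbow tables can be seen in a short added example (not part of the original notes). It uses a plain pre-computed lookup table as a simplified stand-in for a rainbow table; the word list, function names and the 16-byte salt size are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample word list standing in for a pre-computation dictionary.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]

def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    # Plain SHA-256 is used on both sides only to isolate the effect of the
    # salt; production storage should use a slow KDF (PBKDF2, scrypt, Argon2).
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_lookup_table(words):
    """Pre-compute hash -> password once; reusable against any unsalted store."""
    return {unsalted_hash(w): w for w in words}

def lookup(table, stored_hash):
    """Return the matching password, or None if the hash is not in the table."""
    return table.get(stored_hash)

def enroll(password: str, salt_bytes: int = 16):
    """Return the (salt, hash) record a server stores for a new user."""
    salt = secrets.token_bytes(salt_bytes)  # fresh random salt per user
    return salt, salted_hash(password, salt)

def verify(password: str, record) -> bool:
    """Recompute the salted hash at login and compare in constant time."""
    salt, stored = record
    return hmac.compare_digest(salted_hash(password, salt), stored)

if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    # Unsalted store: a single table lookup reveals the password.
    print("unsalted store:", lookup(table, unsalted_hash("letmein")))
    # Salted store: the same table no longer matches, and two users with the
    # same password end up with different stored hashes.
    alice, bob = enroll("letmein"), enroll("letmein")
    print("salted store:", lookup(table, alice[1]), lookup(table, bob[1]))
    print("same password, different hashes:", alice[1] != bob[1])
    print("legitimate login still verifies:", verify("letmein", alice))
```

A table built without the salt is useless against the salted records, so the pre-computation would have to be repeated for every possible salt value, which is why the salt needs to be sufficiently large.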
A lot of these techniques, although they have improved with computational resources, can be fended off through
a number of approaches:
- User education
- Computer generated passwords and password managers
- Reactive password checking
- Complex password policy