Password cracking is the process of determining a password from an encrypted or hashed value. Attackers may obtain an encrypted or hashed password in several ways, including:
- They may sniff an encrypted or hashed password from a network or the internet.
- They may use a database attack to get a copy of a hashed or encrypted password.
- They may gain access to a computer system where encrypted passwords are stored and get a copy of the encrypted passwords.
Many password cracking tools are built to recover passwords from encrypted or even hashed values. Some tools use a dictionary attack, which assumes the password is a dictionary word or a variant of one: the tool takes each dictionary word as a guess, hashes or encrypts it, and compares the result with the stolen value. A password cracking tool may instead use a brute-force attack, trying all possible combinations of characters until a match is found. Tools may also combine dictionary attacks, brute-force attacks and other methods to break passwords.
If a password is sufficiently long and complex, it will take longer to crack by brute force, and it should not be vulnerable to a dictionary attack.
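The following added example (not part of the original page) shows how a password-setting check can apply both points above: it rejects a candidate that is a dictionary word or simple variant of one, and estimates how large the brute-force search space is for its length and character mix. The word list, substitution table, guess rate and 70-bit threshold are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample list; a real check would load a large dictionary
# of common words and previously exposed passwords.
WORDLIST = {"password", "dragon", "sunshine", "letmein", "monkey"}
# Assumed substitution table for simple "variants" of a dictionary word.
LEET = str.maketrans("0134578@$!", "oleastbasi")
EDGE = string.digits + string.punctuation
GUESSES_PER_SECOND = 1e10  # assumption: varies with hash type and hardware
MIN_BITS = 70              # assumption: policy threshold for this example


def dictionary_word(password):
    """Return the base word if password is a listed word or simple variant."""
    lowered = password.lower()
    trimmed = lowered.strip(EDGE)  # drops prefixes/suffixes such as "2024!"
    for candidate in (lowered, trimmed, trimmed.translate(LEET)):
        if candidate in WORDLIST:
            return candidate
    return None


def charset_size(password):
    """Size of the character set a brute-force search would have to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def brute_force_bits(password):
    """log2 of the number of combinations for this length and charset."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def brute_force_seconds(password):
    """Worst-case time to try every combination at the assumed rate."""
    return 2 ** brute_force_bits(password) / GUESSES_PER_SECOND


def assess(password):
    """Combine both checks into one accept/reject decision."""
    word = dictionary_word(password)
    bits = brute_force_bits(password)
    return {"dictionary_word": word, "bits": round(bits, 1),
            "acceptable": word is None and bits >= MIN_BITS}


if __name__ == "__main__":
    for pw in ("dragon2024", "P@ssw0rd!", "kV9#tq2LmZ4x"):  # constructed samples
        print(pw, assess(pw))
```

Note that "P@ssw0rd!" mixes four character classes yet is still rejected, because the dictionary check matters independently of the brute-force estimate.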