Password Cracker

Share this

There are many techniques that can be used to find information linked to users’ accesses. Can you avoid these attacks by not sending users and passwords?

There are highly advanced tools which allow password recovery which can also be used as a password cracker.

The great speed of this software relies in the ability to use APIs on GPUs. APIs provided by graphics card manufacturers like Nvidia.

CUDA (Compute Unified Device Architecture) development environment is used by software programmers to write applications which perform parallel computing on the NVIDIA video cards GPUs.

In the GPU-accelerated applications, the sequential part of the workload runs on the CPU, optimized for single-threaded performance, while the compute-intensive application part runs on thousands of GPU cores in parallel. When using CUDA, developers program in popular languages ​​such as C, C ++, Fortran, Python, and MATLAB and express parallelism through extensions in the form of few basic keywords.

You can also use OpenCL (Open Computer Language) (implemented by Kronos.org) a standard used by AMD / ATI.

There are tools, such as hashcat, capable of reaching levels of 100 GH (Giga Hash) in password cracking techniques, using the GPU in a suitable way instead of the CPU sequential calculation.

  • Hashcat is the world’s fastest and most advanced password recovery utility
  • Hashcat utils: small utilities for advanced password cracking with these utilities, different types of attacks can be implemented:
  • Dictionary Attack or “direct mode”, is a very simple attack mode. It is also known as a “word list attack”.
  • Combinator Attack: words from multiple lists are combined;
  • Brute force attack and mask Attack: trying all characters from certain character sets, by position
  • Hybrid attack: combining word lists + masks and masks + word lists
  • Rules based Attack: apply rules to words from words’ lists; it combines with attacks based on word lists
  • Toggle-case Attack: alternation between upper and lower case; now accomplished with rules

These are techniques that can be used to find user access information. Is it possible to avoid these attacks by not sending users and passwords? The answer is yes. Using a method that does not require user and password typing but only biometric accreditation or the recognition with a QR Code associated, for example, with a code in an email that is scanned and recognized only by the a My-ID biometrically recognized identity (https://bit.ly/My-ID_la_chiave_sei_tu) could be a response to this type of attack.

My-ID provides the use of multi-factor biometric recognition (an SSO) in which the use of a password, a pin, a token is excluded (https://bit.ly/My-ID_passwordless): the formula for accessing the system requires the recognition of several biometric factors (https://bit.ly/My-IDCheckIdentity). Therefore, My-ID is an innovative method for systems access that does not require any typing (https://bit.ly/My-ID_Biometric_Login). A platform applicable to IT systems in order to avoid identity theft.