This project explores the world of password security, covering password storage, cracking techniques, and how to create strong passwords. It includes both theoretical explanations and a practical demonstration using FreeSSH and Cain & Abel.
- Password Hashing: The fundamental practice of storing passwords in a secure, hashed format instead of plain text.
- Brute Force Attacks: Password cracking attempts that systematically try all possible combinations of characters.
- Dictionary Attacks: Attacks that use lists of common words, their variations, and common substitutions.
- Password Complexity: The importance of password length, using a mix of character types, and avoiding easily guessed patterns.
This project demonstrates how brute force and dictionary attacks work. Using Cain & Abel, we'll attempt to crack a sample password hash stored within FreeSSH.
- FreeSSH (for demonstration purposes)
- Cain & Abel (for demonstration purposes)
- Read the Report: Thoroughly examine the included report (Section 1 - Introduction, Section 2 - Implementation, Section 3 - Conclusion) for detailed explanations and a step-by-step walkthrough of the demonstration.
- Replicate the Demo (Optional): If you'd like to experiment yourself, install FreeSSH and Cain & Abel, then follow the instructions provided in the report.
- Length is Key: Longer passwords are significantly harder to crack.
- Mix it Up: Include a combination of lowercase, uppercase, numbers, and special characters.
- Avoid Predictability: Don't use personal information (name, birthdate, etc.), common words, or simple patterns (12345, qwerty).
- Unique Passwords: Use a different password for each of your online accounts.
- Password Managers: Consider using a password manager to help you generate and store complex passwords securely.
I was recently exploring Google One's "Dark Web Report" feature when I made a startling discovery: several of my accounts had been compromised in various data breaches. Using the website "https://haveibeenpwned.com/", I could see exactly which breaches involved my email address.
This realization was a wake-up call. If a hacker gains access to my email from just one breach, they can easily identify all other breaches associated with that email and potentially piece together a complete profile of my online activity. With leaked usernames and passwords, they could attempt to access a multitude of websites where I might have reused login information.
Unfortunately, I'm guilty of reusing passwords across different sites, either due to laziness or a desire for easily remembered credentials. While some websites alert users to suspicious login attempts, others do not. This lack of transparency adds to the risk.
This experience sparked my desire to create this project. I want to raise awareness about the dangers of password reuse and the importance of proactive online security. Even those of us who know the risks sometimes engage in unsafe practices. I hope to provide tools and strategies to help people protect their digital identities.
This project is strictly for educational purposes. Do not use password cracking tools with malicious intent.
I'm always open to feedback and contributions to make this project even better. Feel free to reach out!