WEBVTT

0
00:02.090 --> 00:03.500
Welcome back!

1
00:03.500 --> 00:09.490
In the last lecture we've discussed how a Linux system stores the user's passwords.

2
00:09.500 --> 00:16.370
Now it's time to talk about cracking them. Cracking the passwords means having the hash and trying

3
00:16.370 --> 00:19.240
to obtain the clear text password.

4
00:19.340 --> 00:27.080
There are two main ways someone can try to crack the passwords: using brute force or a dictionary attack

5
00:27.350 --> 00:35.720
and using rainbow tables. A brute force attack consists of an attacker that uses automated software

6
00:35.990 --> 00:41.530
that systematically checks all possible passwords until the correct one is found.

7
00:41.540 --> 00:49.520
This is in fact a trial and error process in which the hacker computes the hash of each word in a dictionary

8
00:49.880 --> 00:56.600
or a word list and then compares the resulting hash to the hash of the password.

9
00:56.600 --> 01:00.580
If the hashes are equal the password has been found.

10
01:01.620 --> 01:08.330
This classical technique is simple and straightforward but it takes a very long time,

11
01:08.340 --> 01:11.250
when the used password is long enough.

12
01:11.340 --> 01:19.650
In fact if you use a strong password and that means a random password of at least 12 or 14 characters

13
01:19.800 --> 01:27.270
consisting of letters, digits and special characters, it's impossible to be cracked in a reasonable amount

14
01:27.270 --> 01:27.750
of time.

15
01:29.150 --> 01:31.830
Let's talk about rainbow tables!

16
01:31.850 --> 01:34.280
This is the second approach.

17
01:34.280 --> 01:43.970
These tables are precomputed tables used for reversing cryptographic hash functions, usually used for cracking

18
01:44.000 --> 01:54.480
password hashes. Imagine that someone has already spent a lot of time and has computed the hashes of

19
01:54.660 --> 01:58.200
all the words in a very large dictionary.

20
01:58.200 --> 02:06.420
The hacker has the hash of the password he wants to crack and searches for that hash in the list of

21
02:06.630 --> 02:09.740
precomputed hashes of the rainbow table.

22
02:09.870 --> 02:14.090
If it's there, he has cracked the password.

23
02:14.120 --> 02:21.500
This is a practical example of a space-time tradeoff using less computer processing time and

24
02:21.500 --> 02:29.270
more storage than a brute force attack, which calculates a hash on every attempt. A brute force attack

25
02:29.330 --> 02:32.300
takes a lot of time, even years,

26
02:32.300 --> 02:35.080
but it doesn't require a lot of storage,

27
02:35.300 --> 02:45.110
while a rainbow table requires a lot of space, many tens or hundreds of gigabytes, but it doesn't require

28
02:45.230 --> 02:46.520
a lot of time.

29
02:46.520 --> 02:53.900
You search for a hash in a matter of seconds or tens of seconds depending on how big the rainbow

30
02:53.900 --> 03:00.080
table is. Either way using a brute force attack or a rainbow table

31
03:00.090 --> 03:03.270
the hacker should have the hash of the password.

32
03:03.300 --> 03:11.790
Generally this is obtained by hacking the database that stores the password hashes. Over the years

33
03:11.860 --> 03:20.440
most of the biggest email or other service providers like Yahoo, LinkedIn, YouTube, or Adobe have had security

34
03:20.440 --> 03:26.140
breaches and their password databases stolen by hackers.

35
03:26.140 --> 03:27.940
A nice website is

36
03:27.940 --> 03:29.120
"haveibeenfound.com"

37
03:29.170 --> 03:36.160
and there you could check if you have an account that has been compromised in a data breach.

38
03:37.120 --> 03:44.470
If you find your e-mail address in that list it doesn't mean that the hackers have your password but

39
03:44.580 --> 03:52.640
that they have the hash of your password and that they could try to crack it offline. In this lecture

40
03:52.850 --> 03:58.160
we've talked about the principles of cracking passwords. In the next lecture

41
03:58.160 --> 04:03.320
I'll show you how to crack passwords using a brute force attack and John the Ripper.