You are here: Encyclopedia > Windows Operating System - Password Attacks
Windows Operating System - Password Attacks
Password attacks in Microsoft’s Windows Operating System are commonly performed with the use of the procedure called password cracking. The procedure is carried out by retrieving the passwords that are kept within a data or the password sent by a computer system to another. And, one of the typical ways as to how password cracking is performed is by attempting repetitive guessing for a password.
There are various reasons as to why password cracking is done and one of which is to assist the users who, unfortunately, have forgotten their password. This is also utilized by administrators of a system so as to identify those passwords that can be cracked by attackers without difficulty.
The method is not only utilized for good cause because there are people who make use of password cracking in order to satisfy their evil deeds. Vicious criminals make use of password cracking in order to illegally access a certain system.
Password hashing schemes that are not created systematically will not offer high-quality security on the stored passwords of a system. Hence, there is a great possibility that an attacker will abuse the security holes existing in the system so as to successfully obtain the passwords. An example of this is the LM hash, which has been incorporated by the manufacturer within the operating systems like Microsoft Windows XP and its earlier editions. LM hash allows keeping of passwords of the users that are less than 15 characters in length.
LM hash is used to switch the characters of the password into their uppercase form. The password is then broken into two fields with seven characters each. This permits attackers to easily target each of the two fields separately.
Recognizing numerous attempts of breaking into a system may be done by determining the number of failed logons. Too many logons means that someone has been trying to gain access into the system just by guessing the user passwords. This process is performed with the use of the “dictionary attack”. Dictionary attack works by utilizing a roll of words as passwords and these words are then inputted in order to identify the right password for a particular account.