Difference between revisions of "Password management/Password Cracking"
m (1 revision) |
|||
(One intermediate revision by the same user not shown) | |||
Line 27: | Line 27: | ||
Ask one of the participants to prepare a Word document with an easy password, and crack it using [http://www.elcomsoft.com/aopr.html Advanced Office Password Recovery] for example. | Ask one of the participants to prepare a Word document with an easy password, and crack it using [http://www.elcomsoft.com/aopr.html Advanced Office Password Recovery] for example. | ||
+ | |||
+ | Ask the participants to test out their favourite password's security from http://www.cryptool-online.org/index.php?option=com_cto&view=tool&Itemid=159&lang=en | ||
=== Goal === | === Goal === |
Latest revision as of 20:34, 4 November 2013
Password Cracking
- Subsections
Add or edit subsection:
Lesson type | Demonstration |
Minimum time | 10 |
Maximum time | 20 |
Optionality | Required |
Position |
2/1 |
Type | Lesson |
Section of | Password management |
Lang | En |
- Last modified: 4 November 2013 20:34:17
Introduction
A password is usually the first and often the last line of defense for information systems. Participants need to be convinced during this lesson that it is not reasonable or secure to have a weak password protecting important information nor is it a good idea to have one strong password protecting all the user's different accounts.
Password Insecurity
Discuss password profiling, social engineering attacks and installation of keyloggers, via email or drive-by downloaders.
Demonstrate how a password cracker works. Demonstrate Windows password crackers, like Ophcrack; Advanced Office Password Recovery and the winlockpwn attack over a firewire cable.
Install Cain on a local machine and demonstrate the withdrawal of its local passwords.
Ask one of the participants to prepare a Word document with an easy password, and crack it using Advanced Office Password Recovery for example.
Ask the participants to test out their favourite password's security from http://www.cryptool-online.org/index.php?option=com_cto&view=tool&Itemid=159&lang=en
Goal
Explain the principles of brute force and the need for password complexity.
Trainer's notes
You'll need to prepare in advance for password cracking and make sure you've tested your software. You'll need Rainbow Table for opchrack. The trial version of AOPR can only crack 4 character passwords.