Time
40 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello, my name is Dustin, and welcome to password cracking.
00:05
Now that we've discussed passwords and how easily they can be cracked,
00:09
what can we do to help secure them?
00:12
One of the first things to remember is that in most cases the longer a password is, the longer the time it will take to crack.
00:22
Most places are actually getting away from passwords and creating what's called, or what's known as, a pass phrase.
00:30
A pass phrase is a password that involves multiple, ideally random, words.
00:36
Using a pass phrase makes it easy to remember and much more difficult to crack because it's much longer than a standard password.
00:45
It's always ideal to use a different password for everything that you do so like a different password on your banking site and your social media sites. Although this method does make it somewhat difficult to remember where each password was used,
01:02
one thing you can do to help keep track of your passwords is use a password manager.
01:07
A password manager is a central repository for all of your passwords that keeps your passwords in an encrypted database.
01:15
This is a great way to protect all of your passwords, but keeping them all in one place can also be a little bit dangerous.
01:25
Many password managers decrypt the whole database after you enter that first initial password to log in.
01:30
If someone were to gain access to your computer while the database was unlocked, they now have access to all of your passwords.
01:40
So it's important to remember that a password manager is only as good as the first initial password required in order to decrypt the database.
01:49
It's always best to evaluate the various password managers out there and find one that's going to work best for you.
02:00
So in this module we learned a lot about passwords. We learned how passwords can be stored and the safest ways to do so. We also learned about cracking passwords and a few ways to do it with John the Ripper and Cain and Abel.
02:15
After we learned how to crack passwords, we talked about a few ways to make your passwords more difficult to crack and also easier to manage
02:25
Up next, we'll be going over APT, or advanced persistent threat, groups. Stay tuned, but first we've got a quick quiz.
02:37
First question: which tool was designed to crack UNIX system passwords?
02:42
Was it A, Cain and Abel,
02:45
B, Jack the Ripper,
02:46
C, John the Ripper,
02:50
or D, Creed and Andy?
02:53
I'll give you a second to think about that one, but it should be pretty easy.
03:00
That's right. John the Ripper was designed to crack UNIX system passwords.
03:05
Kevin can't keep track of his passwords, so he started using a password manager.
03:09
His password manager offers various options to secure his passwords. Which of the following options would be the most secure?
03:19
Is it A, plaintext storage?
03:22
B, hash storage,
03:23
C, salt and pepper hash?
03:28
Or is it D, onion hash?
03:35
That's right. The most secure option would be salting and peppering the hash.
03:40
Last question. Creed needs help creating a new pass phrase. Which of the following would be the most secure?
03:49
Is it A, www dot c r 33 d t h o u g h t s dot gov dot www backslash c r e d capital T H
04:06
zero u g
04:09
HTS
04:12
Or would it be B, capital B zero b o d y exclamation point?
04:18
Or would it be C, dollar sign capital S C U B A?
04:26
What would the most secure password be?
04:29
Capital C R E d 123 semicolon?
04:40
That's right. Out of the choices, they would be the most secure one. But now that we've put them all out on the Internet in plain text, I wouldn't recommend any of them because they're all going in my dictionaries.

Password Cracking Tool Fundamentals

In Password Cracking Tool Fundamentals, Dustin Parry takes you through different aspects of securing passwords and the techniques used to crack them. These techniques can be used by IT technicians to check password strength, and by pentesters and attackers alike.

Instructed By

Dustin Parry
Network Security Engineer
Instructor