Hacking generally refers to unauthorized intrusion into a computer or a network. A person engaged in hacking activities is known as a hacker.
Today we will start with passwords. Nowadays every password on the internet is saved in hashed form, and it doesn't matter whether your password is numeric, alphanumeric or mixed with symbols. Passwords are never saved as plain text. For example, if you are signing up on Instagram for the first time, Instagram will ask for your name, your email ID and your date of birth, and will ask you to create a new password. All of this information is saved in the Instagram backend database exactly as you entered it, but the password is never saved in plain text format. This is where the hashing algorithm comes into play. The hashed form of a password looks random, but it actually is not: it is the hashed text of that password, and every social media platform has its own hashing algorithm. There are many types of hashing algorithm, like SHA1, SHA256, MD5, MD6, the Tiger and many more.
So if a hacker somehow gets into the Instagram backend database, even then he will get the hashed password and not the plain text. The only possible way to get the password is then to reverse the hashing algorithm, that is, to turn the hashed password back into a normal plain text password, which is practically impossible, and that is why hashing algorithms are designed.
Watch our video on the same topic: https://youtu.be/nzeT_YojsYA
So now what can the hacker do to obtain the password?
This is where the type, combination and strength of the password come into play. If you are using a very common password like hello12345, the hacker can easily find the password from its hash string or by using rainbow tables.
So now what are these rainbow tables?
Rainbow tables are tables built by hackers that store the hashes of very common and commonly used passwords, which is why it is never recommended to use a very common password.
There are a few websites, like crackstation.net, that look up a hashed password in rainbow tables and give you the plain text password if it is available in the table.
If the password is not a commonly used password, or if it doesn't exist in the rainbow table, then things like the dictionary attack and brute force come into play. Both are almost the same.
In a dictionary attack there is a wordlist, which is basically a large collection of passwords in the form of a text file. The hacker writes a program that goes through all the passwords in the text file one by one, and if one of them matches, the hacker gets the password. These attacks can also be built for an individual: you can make your own wordlist by entering your own expected passwords, for instance when you know some basic information about that individual. These attacks can succeed or fail depending on the quality of the wordlist.
In a brute force attack, every possible password in the world is tried one by one: each candidate is converted into hash form and then matched against the hashed password. It starts with something like abcd and checks every possible password, which is very time consuming, because it covers everything from purely alphabetical passwords to passwords that mix symbols and numbers. That is why you must have seen websites recommend using a combination of letters, numbers and symbols in your password, and also tell you to use both upper and lower case letters.
So it can take even trillions of years to hack a strong password, which is not practically possible. The number of characters in your password really matters, and the combination of letters, numbers and symbols really makes your password an anti-hack password, while easy passwords like hello12345 can be cracked within 10-15 minutes.
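To put rough numbers on this, here is an added example (not from the original post) that estimates the worst-case time for an exhaustive search from a password's length and the character classes it uses. The guess rate is an assumed figure and the function names are hypothetical; the estimate is an upper bound for brute force only, and a common password such as hello12345 falls to a wordlist long before that bound is reached.

```python
import string

GUESSES_PER_SECOND = 1e10  # assumed attacker hash rate, for illustration only
SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password.

    Only ASCII classes are counted; other characters are ignored here.
    """
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def keyspace(password):
    """Candidates to try when searching every length up to len(password)."""
    n = charset_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_years(password, rate=GUESSES_PER_SECOND):
    """Years needed to exhaust the keyspace at the given guess rate."""
    return keyspace(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["hello", "hello12345", "Hello12345!", "gT7#pL2!xQ9@vB"]:
        print(f"{pw!r:18} charset={charset_size(pw):3} "
              f"worst case ~ {worst_case_years(pw):.3g} years")
```

Each extra character multiplies the search space by the alphabet size, which is why adding length and character classes moves the estimate from days to billions of years.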
To enhance security, a technique called salting is used. Salting is an algorithm in which special symbols are inserted between the letters of the plain text password at specific positions before hashing, so it becomes harder for the hacker to reverse the password, as they are not going to retrieve the actual password this way.
Every company has its own salting algorithm and they never reveal it. For example, Instagram's salting algorithm adds $A$ three times to the password: the password hello12345 becomes $A$hello$A$12345$A$, and this is what gets converted into hashed form, which takes security to the next level.
So with a salting algorithm, rainbow tables and dictionary attacks are of no use. Only if the hacker knows the salting algorithm employed by a company can he retrieve even a very simple and common password like hello12345.
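The effect of salting on precomputed tables can be checked directly. The following is an added example, not code from the original post or from any company mentioned in it: instead of the fixed-symbol scheme described above, it uses the standard approach of a random salt per user combined with a slow key-derivation function (PBKDF2). The password list, the iteration count and the function names are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny list of common passwords standing in for
# the precomputed tables described above.
COMMON_PASSWORDS = ["123456", "password", "hello12345", "qwerty"]

# Precomputed lookup: unsalted SHA-256 digest -> plain text password.
LOOKUP = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

ITERATIONS = 200_000  # assumed work factor for this example; tune per deployment


def store_unsalted(password):
    """Weak storage: a bare, fast hash. Same password, same digest, every time."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password):
    """Stronger storage: a random 16-byte salt per user plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def audit_lookup(stored_hex):
    """Return the plain text if the stored digest is in the table, else None."""
    return LOOKUP.get(stored_hex)


if __name__ == "__main__":
    weak = store_unsalted("hello12345")
    print("unsalted digest found in table:", audit_lookup(weak))

    salt_a, hash_a = store_salted("hello12345")  # user A
    salt_b, hash_b = store_salted("hello12345")  # user B, same password
    print("salted digests differ:", hash_a != hash_b)
    print("salted digest found in table:", audit_lookup(hash_a.hex()))
    print("login still works:", verify_salted("hello12345", salt_a, hash_a))
```

The salt is stored next to the hash and does not need to be secret: its job is to make every stored digest unique so that one precomputed table cannot be reused across accounts.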
There are also many more hacking methods, such as phishing, key-logging and a lot more, which I'm going to cover in a different blog.