The IT Law Wiki


A password cracker is

[a] software program designed to conduct an automated brute force attack on the password security controls of an information system by “guessing” user passwords.[1]
[a]n application that tests for passwords that can be easily guessed, such as words in the dictionary or simple strings of characters (e.g., "abcdefgh" or "qwertyuiop").[2]


Most cracking utilities can attempt to guess passwords, as well as performing brute force attempts that try every possible password. The time needed for a brute force attack on an encoded or encrypted password can vary greatly, depending on the type of encryption used and the sophistication of the password itself.

Once a weak password is discovered, an attacker can enter the computer as a normal user and use a variety of tricks to gain complete control of the computer and network.

While used by intruders, such programs are invaluable to systems administrators. Systems administrators can run password-cracking programs on their encrypted password files regularly to discover weak passwords.


See also[]

External resource[]