A password cracker is
|“||[a] software program designed to conduct an automated brute force attack on the password security controls of an information system by “guessing” user passwords.||”|
|“||[a]n application that tests for passwords that can be easily guessed, such as words in the dictionary or simple strings of characters (e.g., "abcdefgh" or "qwertyuiop").||”|
Most cracking utilities can attempt to guess passwords, as well as performing brute force attempts that try every possible password. The time needed for a brute force attack on an encoded or encrypted password can vary greatly, depending on the type of encryption used and the sophistication of the password itself.
While used by intruders, such programs are invaluable to systems administrators. Systems administrators can run password-cracking programs on their encrypted password files regularly to discover weak passwords.
- Internet Banking: Comptroller’s Handbook, at 79.
- Practices for Securing Critical Information Assets, Glossary, at 56.