
Passwords have been used to encrypt information and messages for a long time in history, giving rise to
the discipline of cryptography. Furthermore, with the rapid development of computer science, passwords
are now also commonly used for user authentication, which is very important to Internet security.
RFC 2828 defines user authentication as “the process of verifying an identity claimed by or for a
system entity”. The authentication service must assure that the connection is not interfered with by a
third party masquerading as one of the two legitimate parties; it usually concerns two approaches:
data origin authentication and peer entity authentication. Data origin authentication provides
corroboration of the source of a data unit, without protection against duplication or modification of
data units; this type of service supports applications such as email, where there are no prior
interactions between the communicating entities. Peer entity authentication provides corroboration of
the identity of a peer entity in an association, for use at connection establishment or at times during
the data transfer phase; it attempts to provide confidence that an entity is not performing either a
masquerade or an unauthorized replay of a previous connection.
There are usually four means of authenticating a user's identity, based on: something the individual
knows (e.g. password, PIN, answers to prearranged questions); something the individual possesses (a
token, e.g. smartcard, electronic keycard, physical key); something the individual is (static biometrics,
e.g. fingerprint, retina, face); and something the individual does (dynamic biometrics, e.g. voice
pattern, handwriting characteristics, typing rhythm).
AccessData Forensic Toolkit helps us carry out thorough computer forensic examinations. It includes
powerful file filtering and search functionality, and access to remote systems on your network.
AccessData forensic investigation software tools help law enforcement officials, corporate security,
and IT professionals access and evaluate the evidentiary value of files, folders, and computers. We use
the AccessData Forensic Toolkit to crack the passwords, calculate the accuracy of the passwords
recovered from the respective sites, and check any other evidence that helps us continue the
investigation.
Literature review
Forensic Toolkit, or FTK, is computer forensics software made by AccessData. It scans a hard drive
looking for various information.[1] It can, for example, locate deleted emails[2] and scan a disk for
text strings to use them as a password dictionary to crack encryption.[3]

The toolkit also includes a standalone disk imaging program called FTK Imager. This tool saves an
image of a hard disk in one file or in segments that may later be reconstructed. It calculates MD5
hash values and confirms the integrity of the data before closing the files. The result is one or more
image files that can be saved in several formats, including DD raw.

Secure Passwords Keep You Safer

EVER SINCE I wrote about the 34,000 MySpace passwords I analyzed, people have been asking how
to choose secure passwords.

My piece aside, there's been a lot written on this topic over the years – both serious and humorous –
but most of it seems to be based on anecdotal suggestions rather than actual analytic evidence.
What follows is some serious advice.

The attack I'm evaluating against is an offline password-guessing attack. This attack assumes that the
attacker either has a copy of your encrypted document, or a server's encrypted password file, and
can try passwords as fast as he can. There are instances where this attack doesn't make sense. ATM
cards, for example, are secure even though they only have a four-digit PIN, because you can't do
offline password guessing. And the police are more likely to get a warrant for your Hotmail account
than to bother trying to crack your e-mail password. Your encryption program's key-escrow system
is almost certainly more vulnerable than your password, as is any "secret question" you've set up in
case you forget your password.

Offline password guessers have gotten both fast and smart. AccessData sells Password Recovery
Toolkit, or PRTK. Depending on the software it's attacking, PRTK can test up to hundreds of
thousands of passwords per second, and it tests more common passwords sooner than obscure
ones.

So the security of your password depends on two things: any details of the software that slow down
password guessing, and in what order programs like PRTK guess different passwords.


Some software includes routines deliberately designed to slow down password guessing. Good
encryption software doesn't use your password as the encryption key; there's a process that
converts your password into the encryption key. And the software can make this process as slow as
it wants.

The results are all over the map. Microsoft Office, for example, has a simple password-to-key
conversion, so PRTK can test 350,000 Microsoft Word passwords per second on a 3-GHz Pentium 4,
which is a reasonably current benchmark computer. WinZip used to be even worse – well over a
million guesses per second for version 7.0 – but with version 9.0, the cryptosystem's ramp-up
function has been substantially increased: PRTK can only test 900 passwords per second. PGP also
makes things deliberately hard for programs like PRTK, also only allowing about 900 guesses per
second.
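The slow password-to-key conversion the article describes, as an added example that is not Schneier's or AccessData's code: a single-hash derivation beside an iterated PBKDF2 derivation (assumed here as a stand-in for the ramp-up functions in WinZip 9 and PGP), a timer that shows the guess-rate gap on the local machine, and a calculator for the six-lowercase-letter space at the rates the article quotes.

```python
import hashlib
import os
import time

# Constructed sample inputs (not from the article): a candidate password and a salt.
PASSWORD = b"letmein1"
SALT = os.urandom(16)

def fast_key(password: bytes, salt: bytes) -> bytes:
    """Simple password-to-key conversion: one hash. Cheap for the user and just as
    cheap for a guesser, so the guess rate is bounded only by hardware."""
    return hashlib.sha256(salt + password).digest()

def slow_key(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    """Deliberately slow ramp-up: PBKDF2-HMAC-SHA256 (an assumed stand-in, not the
    scheme WinZip or PGP actually use). The key is still 32 bytes, but every guess
    now costs `iterations` HMAC computations, which is the mechanism behind the
    ~900 guesses/s figures the article quotes."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def guesses_per_second(derive, password=PASSWORD, salt=SALT, trials=20) -> float:
    """Time a few derivations and extrapolate to guesses per second on this machine."""
    start = time.perf_counter()
    for _ in range(trials):
        derive(password, salt)
    return trials / (time.perf_counter() - start)

def seconds_to_exhaust(keyspace: int, rate: float) -> float:
    """Wall-clock seconds to try every candidate in a keyspace at a given guess rate."""
    return keyspace / rate

LOWERCASE_SIX = 26 ** 6   # "aaaaaa" through "zzzzzz": 308,915,776 combinations

if __name__ == "__main__":
    fast = guesses_per_second(fast_key)
    slow = guesses_per_second(slow_key, trials=5)
    print(f"single hash: {fast:,.0f} guesses/s; PBKDF2: {slow:,.1f} guesses/s "
          f"(slowdown x{fast / slow:,.0f})")
    # The article's figures: 350,000/s for Word, 900/s for WinZip 9 and PGP.
    for name, rate in (("Word-style", 350_000), ("WinZip 9 / PGP-style", 900)):
        hours = seconds_to_exhaust(LOWERCASE_SIX, rate) / 3600
        print(f"{name}: six lowercase letters exhausted in {hours:,.1f} hours")
```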

When attacking programs with deliberately slow ramp-ups, it's important to make every guess
count. A simple six-character lowercase exhaustive character attack, "aaaaaa" through "zzzzzz," has
more than 308 million combinations. And it's generally unproductive, because the program spends
most of its time testing improbable passwords like "pqzrwj."

According to Eric Thompson of AccessData, a typical password consists of a root plus an appendage.
A root isn't necessarily a dictionary word, but it's something pronounceable. An appendage is either
a suffix (90 percent of the time) or a prefix (10 percent of the time).

So the first attack PRTK performs is to test a dictionary of about 1,000 common passwords, things
like "letmein," "password1," "123456" and so on. Then it tests them each with about 100 common
suffix appendages: "1," "4u," "69," "abc," "!" and so on. Believe it or not, it recovers about 24
percent of all passwords with these 100,000 combinations.

Then, PRTK goes through a series of increasingly complex root dictionaries and appendage
dictionaries. The root dictionaries include:

Common word dictionary: 5,000 entries

Names dictionary: 10,000 entries

Comprehensive dictionary: 100,000 entries

Phonetic pattern dictionary: 1/10,000 of an exhaustive character search

The phonetic pattern dictionary is interesting. It's not really a dictionary; it's a Markov-chain routine
that generates pronounceable English-language strings of a given length. For example, PRTK can
generate and test a dictionary of very pronounceable six-character strings, or just-barely
pronounceable seven-character strings. They're working on generation routines for other languages.

PRTK also runs a four-character-string exhaustive search. It runs the dictionaries with lowercase (the
most common), initial uppercase (the second most common), all uppercase and final uppercase. It
runs the dictionaries with common substitutions: "$" for "s," "@" for "a," "1" for "l" and so on.
Anything that's "leet speak" is included here, like "3" for "e."

The appendage dictionaries include things like:

All two-digit combinations

All dates from 1900 to 2006

All three-digit combinations

All single symbols

All single digit, plus single symbol

All two-symbol combinations

AccessData's secret sauce is the order in which it runs the various root and appendage dictionary
combinations. The company's research indicates that the password sweet spot is a seven- to
nine-character root plus a common appendage, and that it's much more likely for someone to choose a
hard-to-guess root than an uncommon appendage.

Normally, PRTK runs on a network of computers. Password guessing is a trivially distributable task,
and it can easily run in the background. A large organization like the Secret Service can easily have
hundreds of computers chugging away at someone's password. A company called Tableau is building
a specialized FPGA hardware add-on to speed up PRTK for slow programs like PGP and WinZip:
roughly a 150- to 300-times performance increase.

How good is all of this? Eric Thompson estimates that with a couple of weeks' to a month's worth of
time, his software breaks 55 percent to 65 percent of all passwords. (This depends, of course, very
heavily on the application.) Those results are good, but not great.

But that assumes no biographical data. Whenever it can, AccessData collects whatever personal
information it can on the subject before beginning. If it can see other passwords, it can make
guesses about what types of passwords the subject uses. How big a root is used? What kind of root?
Does he put appendages at the end or the beginning? Does he use substitutions? ZIP codes are
common appendages, so those go into the file. So do addresses, names from the address book,
other passwords and any other personal information. This data ups PRTK's success rate a bit, but
more importantly it reduces the time from weeks to days or even hours.

So if you want your password to be hard to guess, you should choose something not on any of the
root or appendage lists. You should mix upper and lowercase in the middle of your root. You should
add numbers and symbols in the middle of your root, not as common substitutions. Or drop your
appendage in the middle of your root. Or use two roots with an appendage in the middle.
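A check built from the root-plus-appendage model and the advice above, as an added example that is not from the article or from PRTK: it splits a password the way the described search would (suffix or prefix appendage classes, case variants, the listed leet substitutions) and reports the split that lands on a known root, or None when no split does, which is what the advice about modifying the middle of the root achieves. The root list and the common-suffix sample are constructed placeholders for AccessData's real dictionaries.

```python
from typing import Optional

# Constructed sample root dictionary standing in for PRTK's word and name lists
# (the real lists have thousands of entries; these few are illustrative only).
COMMON_ROOTS = {"password", "letmein", "welcome", "dragon", "monkey",
                "michael", "jennifer", "sunshine", "football", "qwerty"}
# A sample of the first pass's ~100 common suffixes ("1", "4u", "69", "abc", "!").
COMMON_SUFFIXES = {"1", "4u", "69", "abc", "!"}
SYMBOLS = set("!@#$%^&*?.")
# Reverse map of the substitutions the article lists ("$" for "s", "@" for "a", ...).
UNLEET = str.maketrans({"$": "s", "@": "a", "1": "l", "3": "e"})

def is_appendage(s: str) -> bool:
    """Does s fall in one of the appendage dictionary classes the article lists?"""
    return (s in COMMON_SUFFIXES
            or (s.isdigit() and len(s) in (2, 3))                        # 2/3-digit combos
            or (s.isdigit() and len(s) == 4 and 1900 <= int(s) <= 2006)  # dates
            or (len(s) == 1 and s in SYMBOLS)                            # single symbol
            or (len(s) == 2 and s[0].isdigit() and s[1] in SYMBOLS)      # digit + symbol
            or (len(s) == 2 and s[0] in SYMBOLS and s[1] in SYMBOLS))    # two symbols

def normalize_root(root: str) -> str:
    """Undo the case variants and leet substitutions PRTK tries on every root."""
    return root.translate(UNLEET).lower()

def splits(password: str):
    """Yield (root, appendage, position) in roughly PRTK's order: suffix before prefix."""
    for n in range(1, 5):                        # the appendage classes are 1-4 chars long
        if len(password) - n < 1:
            break
        if is_appendage(password[-n:]):
            yield password[:-n], password[-n:], "suffix"
        if is_appendage(password[:n]):
            yield password[n:], password[:n], "prefix"
    yield password, "", "none"                   # bare root, no appendage at all

def root_appendage_match(password: str, roots=COMMON_ROOTS) -> Optional[dict]:
    """Return the decomposition a root+appendage search would hit, or None when the
    password never reduces to a known root (e.g. the appendage sits inside the root)."""
    for root, app, pos in splits(password):
        if normalize_root(root) in roots:
            return {"root": root, "appendage": app, "position": pos}
    return None

if __name__ == "__main__":
    for pw in ("Password1", "dr@gon2005", "69monkey", "sun42shine"):
        print(pw, "->", root_appendage_match(pw))
```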

Even something lower down on PRTK's dictionary list – the seven-character phonetic pattern
dictionary – together with an uncommon appendage, is not going to be guessed. Neither is a
password made up of the first letters of a sentence, especially if you throw numbers and symbols in
the mix. And yes, these passwords are going to be hard to remember, which is why you should use a
program like the free and open-source Password Safe to store them all in. (PRTK can test only 900
Password Safe 3.0 passwords per second.)

Even so, none of this might actually matter. AccessData sells another program, Forensic Toolkit, that,
among other things, scans a hard drive for every printable character string. It looks in documents, in
the Registry, in e-mail, in swap files, in deleted space on the hard drive ... everywhere. And it creates
a dictionary from that, and feeds it into PRTK.

And PRTK breaks more than 50 percent of passwords from this dictionary alone.

What's happening is that the Windows operating system's memory management leaves data all over
the place in the normal course of operations. You'll type your password into a program, and it gets
stored in memory somewhere. Windows swaps the page out to disk, and it becomes the tail end of
some file. It gets moved to some far out portion of your hard drive, and there it'll sit forever. Linux
and Mac OS aren't any better in this regard.

I should point out that none of this has anything to do with the encryption algorithm or the key
length. A weak 40-bit algorithm doesn't make this attack easier, and a strong 256-bit algorithm
doesn't make it harder. These attacks simulate the process of the user entering the password into
the computer, so the size of the resultant key is never an issue.

For years, I have said that the easiest way to break a cryptographic product is almost never by
breaking the algorithm, that almost invariably there is a programming error that allows you to
bypass the mathematics and break the product. A similar thing is going on here. The easiest way to
guess a password isn't to guess it at all, but to exploit the inherent insecurity in the underlying
operating system.
---

Bruce Schneier is the CTO of BT Counterpane and the author of Beyond Fear: Thinking Sensibly
About Security in an Uncertain World. You can contact him through his website.



Forensic Toolkit
Developer(s): AccessData
Stable release: 6.2 / May 3, 2017
Operating system: Windows
Available in: English
Type: Computer forensics
Website: https://accessdata.com/products-services/forensic-toolkit-ftk
