Project 2-1: Use an Online Password Cracker
In this project, you will create a digest on a password and then crack it with an
online cracking website to demonstrate the speed of cracking passwords.
1. The first step is to use a hash algorithm to create a password digest. Use
your web browser to go to www.fileformat.info/tool/hash.htm (if you
are no longer able to access the site through the web address, use a search engine to
search for “Fileformat.Info hash functions”).
2. Under String hash, enter the simple password apple123 in the Text: line.
3. Click Hash.
4. Scroll down the page and copy the MD4 hash of this password to your Clipboard by
selecting the text, right-clicking, and choosing Copy.
5. Open a new tab on your web browser.
6. Go to https://crackstation.net/.
7. Paste the MD4 hash of apple123 into the text box beneath Enter up to 10 non-salted hashes:.
8. In the RECAPTCHA box, enter the current value being displayed in the box that says
Type the text.
9. Click Crack Hashes.
10. How long did it take this online rainbow table to crack this hash?
11. Click the browser tab to return to FileFormat.Info.
12. Under String hash, enter the longer password 12applesauce in the Text: line.
13. Click Hash.
14. Scroll down the page and copy the MD4 hash of this password to your Clipboard.
15. Click to browser tab to return to the CrackStation site.
16. Paste the MD4 hash of 12applesauce into the text box beneath Enter up to 10 nonsalted hashes:.
17. In the RECAPTCHA box, enter the current value being displayed in the box that says
Type the text.
18. Click Crack Hashes.
19. How long did it take this online rainbow table crack this stronger password hash?
20. How long did it take to crack your password hash (DO NOT TELL ME YOUR PASSWORD!!)?
21. What does this tell you about the speed of cracking passwords? What does it tell you about how easy it is for attackers to crack weak passwords?
22. Close all windows
Case 2-1 (use the below template to complete)
Use this link to complete this exercise
Fill in the table in the attached Word document using the reporting format from the particular website that indicates the strength of your passwords (AGAIN DO NOT SUBMIT YOUR PASSWORDS).
Next write a paragraph about this experience. How secure are your passwords? Would any of these tools encourage someone to create a stronger password? Which provided the best information?
Case Project 2.2
Case Project 2-1: Testing Password Strength
How strong are your passwords? Various online tools can provide information
on password strength, but not all feedback is the same. First, assign the numbers 1 through 3 to three of the passwords you are currently using, and write
down the number (not the password) on a piece of paper. Then, enter those passwords into
these three online password testing services:
• How Secure Is My Password (howsecureismypassword.net/)
Figure 2-7 Credit report website
Source: Annual Credit Report
72 Chapter 2 Personal Security
Copyright 2017 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.
`Ìi`ÊÜÌ ÊÌ iÊ`iÊÛiÀÃÊvÊ
• Check Your Password (www.microsoft.com/security/pc-security/password-checker.
• The Password Meter (www.passwordmeter.com/)
Record next to each number the strength of that password as indicated by these three online
tools. Then use each online password tester to modify the password by adding more random
numbers or letters to increase its strength. How secure are your passwords? Would any of
these tools encourage someone to create a stronger password? Which provided the best information? Create a one-paragraph summary of your findings.