In this article we will discuss various ways through which user can recover or reset his current as well as remote system password. Sometimes it is easier to reset the password than actually recover the password provided user has access to physical system. Often it is more important recover the password especially when file system is encrypted or when file system is analyzed for Forensic cases.
Password cracking is the alternate way to determine the password that is stored in a system or is being transmitted over wire from/to a system. The reason for us to say that it is an alternative way is because, password cracking process is not something where you are directly talking to the system and asking it for the stored or transmitted password.
Storage and retrieval of passwords is an important aspect of the process of authentication. One might ask: "how is storage and retrieval related to authentication?". Password is used (in combination with login/user name, pin or smart card) for authentication. Hence, if passwords are not stored and retrieved in a secure way, they are not helping the process of authentication.
For a very long time, bruteforce attacks have been used in cryptography to find the various key combinations to crack/cryptanalyze ciphers to clear-text. This has also been used on cracking password based authentication over the web or in the client-side applications. The way attackers do this is by trying all possible combinations of alphabets, numbers and special characters.
Man-in-the-Middle [MITM] attacks have become more common in the past decade. Attackers try and gain access to complicated systems through simple means of intercepting traffic. MITM has several other names, based on the situation and scenario of the attack. Some of them include fire-brigade attack, monkey-in-the-middle attack, and more. MITM could be achieved by attacking in various layers of the OSI model.