1
00:00:00,610 --> 00:00:08,200
So when performing a password cracking attack, it's either an online or offline attack and we'll look

2
00:00:08,200 --> 00:00:14,620
at each method in detail. Online password cracking attacks are necessary when you don't have access

3
00:00:14,620 --> 00:00:15,850
to the password hashes.

4
00:00:16,630 --> 00:00:22,240
When performing an online attack, you're usually presented with a web form asking for username and

5
00:00:22,240 --> 00:00:23,380
password combination.

6
00:00:24,430 --> 00:00:30,490
Performing an online attack can be very noisy, extremely slow, and sometimes it's not feasible.

7
00:00:31,490 --> 00:00:36,530
And many login forms have a lockout feature that locks you out after a certain number of failed login

8
00:00:36,530 --> 00:00:36,980
attempts.

9
00:00:37,450 --> 00:00:43,310
For example, if I failed to log on to my online banking after multiple tries, my account will be locked

10
00:00:43,310 --> 00:00:44,210
for 20 minutes.

11
00:00:45,580 --> 00:00:52,420
Now, in addition, online password cracking attacks are very noisy, and when you're throwing random

12
00:00:52,420 --> 00:00:56,420
wrong passwords to the system, its log file will grow tremendously.

13
00:00:56,950 --> 00:01:02,860
It looks very suspicious when there are hundreds of wrong password attempts logged in to the same IP

14
00:01:02,860 --> 00:01:03,310
address.

15
00:01:04,850 --> 00:01:11,480
So to get around these factors, you might try to cover up your IP address via a proxy, use a different

16
00:01:11,480 --> 00:01:18,860
proxy for every five to ten guesses, or even attempt a few guesses every 30 minutes so it looks less

17
00:01:18,860 --> 00:01:19,550
suspicious.

18
00:01:20,210 --> 00:01:24,440
Many of the password cracking programs out there have these features available.

19
00:01:26,170 --> 00:01:33,340
Now, offline password cracking attacks are only possible when you have access to the password hashes.

20
00:01:34,150 --> 00:01:39,550
The attack is done on your own system or on systems that you have local access to.

21
00:01:40,870 --> 00:01:48,400
Unlike an online attack, there are no locks or anything else to stop you on an offline attack because

22
00:01:48,400 --> 00:01:50,260
you are doing it on your own machines.

23
00:01:51,200 --> 00:01:56,750
The only thing that could hold you back is the limits of your computer hardware, because an offline

24
00:01:56,750 --> 00:02:02,870
attack takes advantage of its machine's processing power and its speed is dependent on the speed of

25
00:02:02,870 --> 00:02:03,820
the actual machine.

26
00:02:04,220 --> 00:02:10,670
So the better the processor and nowadays even graphics cards, the more password guessing attempts you

27
00:02:10,670 --> 00:02:11,930
can get per second.

