Editing Password cracking (section)

{{Short description|Recovering passwords stored or transmitted by computer systems}}
{{Use mdy dates|date=April 2025}}

In cryptanalysis and [[computer security]], '''password cracking''' is the process of guessing passwords<ref name=":0"/> protecting a [[computer system]]. A common approach ([[brute-force attack]]) is to repeatedly try guesses for the password and to check them against an available [[cryptographic hash function|cryptographic hash]] of the password.<ref name="MM1">{{cite web |last=Montoro |first=Massimiliano |title=Cain & Abel User Manual: Brute-Force Password Cracker |website=oxid.it (defunct) |year=2005 |url=http://www.oxid.it/ca_um/topics/brute-force_password_cracker.htm |access-date=August 13, 2013 |url-status=unfit |archive-url=https://web.archive.org/web/20190607000927/http://www.oxid.it/ca_um/topics/brute-force_password_cracker.htm |archive-date=June 7, 2019}}</ref> Another type of approach is '''password spraying''', which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.<ref>{{cite web |url=https://auth0.com/blog/what-is-password-spraying-how-to-stop-password-spraying-attacks/ |title=What Is Password Spraying? How to Stop Password Spraying Attacks}}</ref>

The purpose of password cracking might be to help a user recover a forgotten password (due to the fact that installing an entirely new password would involve System Administration privileges), to gain unauthorized access to a system, or to act as a preventive measure whereby [[system administrator]]s check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence to which a judge has allowed access, when a particular file's permissions restricted.