How the program works

 

<< Click to Display Table of Contents >>

Navigation:  System and Data Recovery Programs > Proactive Password Auditor > How to work with the program >

How the program works

 

Due to the nature of hashing algorithms (see About Windows passwords), it is not possible to obtain the original password from the hash, whether LM or NTLM. However, it is still possible to find the password using brute-force and dictionary attacks, by testing all possible passwords in a given range, or by trying the words from the wordlist, respectively. So, to get the passwords, we just need to:

 

find password hashes  

find passwords that have the same hashes as the original ones  

 

Because hashing is based on relatively strong algorithms (DES and MD4), finding the right password may take a long time. But because most users prefer passwords that they can easily remember, brute-force and dictionary attacks are often the most effective methods for a malicious user to find a password. So the strength of a password depends on how many characters are in the password, how well the password is protected from being revealed by the owner, and how difficult the password is to guess.  

 

Currently, several attack methods are based on guessing weak passwords by using dictionary, brute force and rainbow attacks.