Let me start by saying that I’m not an expert password cracker. It’s true that I got my job as head of an IT department at a large advertising company because I cracked the password of their mainframe (and then had to call the mainframe guy because I was afraid I’d accidentally created a procedure), but that was mainly a matter of psychology. Later, while working in IT I was confronted by the secretary of the CFO who had a document that was acting up. Unfortunately, she couldn’t show me the document because it was “confidential.” She gave me a blank document to work on “because it was essentially the same.” (No — it wasn’t.)
I told her I’d do my best, and then that night I stayed behind and installed a little program I’d written that would capture her password the next time she entered it. At the end of the next day I retrieved the information, used it to open the “confidential” document and discovered what the problem was. (No, I don’t remember what it was now.) I then took the precaution of installing that same little program on the computers of any secretary dealing with confidential material. It came in handy and I improved my reputation as being able to fix even the most complicated problems.
As for the confidentiality — I’ve never been interested in what businesses consider confidential, so there was no temptation to do anything sinister with it — as though I’d know what to do with it in the first place.
But password cracking, the way Fielding does it here, is a kettle of fish of a different colour.
To start with, you have to realise that passwords are stored. Of course they are — I mean, how else is the computer going to know if you’ve entered the right password or not? But obviously they can’t be stored in plain text, otherwise anyone could take a peek and find out what the passwords are. Instead they are “hashed,” which means they undergo a mathematical procedure that turns each one into a string of letters and numbers that has no discernible bearing upon the actual password itself. It’s not possible to reverse this in order to discover the password from the hash.
So how does cracking software work? It’s really quite simple — it takes a list of known hashes and compares them against the hashes it has been given to crack. Of course, these lists are incredibly long, but they include virtually every word in the English language, as well as words and phrases from games, popular culture and a host of other sources, all hashed. It’s then a simple matter for the program to look through the hashes it’s given to crack and find the corresponding hash and therefore the password.
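The lookup described above can be shown in a few lines, along with the standard defence against it. This is an added illustration, not code from the original post: the five-word list, the function names and the PBKDF2 settings are assumptions made for the example. It audits a store of plain, unsalted hashes against a precomputed table, then shows that the same table finds nothing once each password is hashed with its own random salt.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; real lists run to many millions of entries.
WORDLIST = ["password", "letmein", "dragon", "sunshine", "qwerty"]
ITERATIONS = 100_000  # illustrative PBKDF2 work factor (assumption)


def unsalted_hash(password):
    """Fast, unsalted hash: the same password always gives the same value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup(words):
    """Precompute hash -> word once; reusable against any unsalted store."""
    return {unsalted_hash(w): w for w in words}


def salted_hash(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, digest)


def audit(table, stored_values):
    """Return the stored hashes that the precomputed table resolves."""
    return {h: table[h] for h in stored_values if h in table}


if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    weak_store = [unsalted_hash("dragon"), unsalted_hash("Tr0ub4dor&3")]
    salt, digest = salted_hash("dragon")
    print("unsalted hits:", audit(table, weak_store))
    print("salted hits:  ", audit(table, [digest.hex()]))
    print("login still works:", verify("dragon", salt, digest))
```

The salt is stored next to the digest, so a legitimate login still verifies, but a table computed in advance no longer matches anything and every guess has to be recomputed per account at the cost of the slow function.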
Are you worried yet? You should be. Passwords are remarkably easy to crack. As one person put it, they’re basically “kiddie script.”
One of the worst ways of cracking a password, and the one most often shown in movies and on TV, is sitting in a room, looking around, and deducing it from a picture on the wall or some such nonsense.
Hackers are generally perceived as unattractive nerds with no social life, and in some cases that’s true. But definitely not always.
Consider Kristina Vladimirovna Svechinskaya. When she was only 21 she had successfully hacked several British and U.S. banks, resulting in a very comfortable monetary take. She was also crowned “the world’s sexiest computer hacker.”
And I would be remiss if I didn’t mention the fictional but very social Abby Sciuto, who is NCIS’s resident computer expert (and occasional hacker).
And finally, I really did a fast search in Google Images for a Kim Basinger autograph, and this is what Fielding would have shown Adramelech.