In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Another common approach is to say that you have "forgotten" the password and then change it.
Crack is a freely available program designed to find standard Unix DES-encrypted passwords by
standard guessing techniques. It is written to be flexible, configurable and fast, and to be able to
make use of several networked hosts via the Berkeley rsh program (or similar), where possible.
This program checks your users' passwords for "guessable" values. It works by encrypting a list of
likely passwords and seeing if the result matches any of your user's encrypted passwords (which
must be provided to it). It is surprisingly effective and easy to use....
Often, several of these testing techniques are used together to gain more comprehensive assessment of the
overall network security posture. For example, penetration testing usually includes network scanning and
vulnerability scanning to identify vulnerable hosts and services that may be targeted for later penetration.
Some vulnerability scanners incorporate password cracking. None of these tests by themselves will
provide a complete picture of the network or its security posture. Table 3.1 at the end of this section
summarizes the strengths and weaknesses of each test.