<P> On July 18, 2011, Microsoft Hotmail banned the password: "123456". </P> <P> In July 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison . Many passwords were hashed using both the relatively strong bcrypt algorithm and the weaker MD5 hash . Attacking the latter algorithm allowed some 11 million plaintext passwords to be recovered . </P> <P> The best method of preventing a password from being cracked is to ensure that attackers cannot get access even to the hashed password . For example, on the Unix operating system, hashed passwords were originally stored in a publicly accessible file / etc / passwd . On modern Unix (and similar) systems, on the other hand, they are stored in the shadow password file / etc / shadow, which is accessible only to programs running with enhanced privileges (i.e., "system" privileges). This makes it harder for a malicious user to obtain the hashed passwords in the first instance, however many collections of password hashes have been stolen despite such protection . Another strong approach is to combine a site - specific secret key with the password hash, which prevents plaintext password recovery even if the hashed values are purloined . A third approach is to use key derivation functions that reduce the rate at which passwords can be guessed . Unfortunately, many common Network Protocols transmit passwords in cleartext or use weak challenge / response schemes . </P> <P> Modern Unix Systems have replaced traditional DES - based password hashing function crypt () with stronger methods such as bcrypt and scrypt . Other systems have also begun to adopt these methods . For instance, the Cisco IOS originally used a reversible Vigenère cipher to encrypt passwords, but now uses md5 - crypt with a 24 - bit salt when the "enable secret" command is used . These newer methods use large salt values which prevent attackers from efficiently mounting offline attacks against multiple user accounts simultaneously . The algorithms are also much slower to execute which drastically increases the time required to mount a successful offline attack . </P>

What are the different ways of password cracking