cmendla - 2:33 pm on May 29, 2013 (gmt 0)
From what I recall, there are reversible and one-way hashes. One-way hashes should not be recoverable.
(PLEASE correct me if I am wrong on this)
However, a dictionary attack could break a one-way encrypted password.
Suppose your password is fido and that gets encrypted as (*#&$#(87
There is no way to restore the gibberish to fido.
However, if you build a list of all possible words and run those through the same encryption algo, then you will have a list with the encrypted (*#&$#(87 being in the table. So, if your list has all the possible words and combos of words, then you can crack the password.
Now, people start getting smart and use a 'tough' password, i.e. F!d(). That could encrypt to something like #&^#*&$^#*
Now you can brute force this with either a massive dictionary or just an app that does a brute force, i.e. trying every character and combo of characters, running it through the one-way encryption, then matching that against the encrypted hash you are trying to crack.
A couple of years ago that would have been a nightmare. However, with zombie botnets out there, you could hand that job off. Thousands of hacked machines working on the problem on a distributed basis would work eventually.
I suppose we will start moving toward dongles or some other two-part authentication.
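The table lookup described in this post, set beside salted PBKDF2 storage for which one shared precomputed table no longer matches, as an added example that is not part of the original post. SHA-256 stands in for the unnamed "encryption algo"; the function names, the word list and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample word list: the two passwords from the post plus fillers.
WORDLIST = ["rover", "fido", "F!d()", "spot"]


def unsalted_hash(password: str) -> str:
    """One-way hash with no salt: the same password always gives the same output."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(words):
    """Precomputed hash -> word table, built once and reusable for every account."""
    return {unsalted_hash(w): w for w in words}


def store_password(password: str, iterations: int = 200_000):
    """Salted, deliberately slow storage. Returns (salt, iterations, derived_key)."""
    salt = os.urandom(16)  # fresh random salt per account
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_password(password: str, record) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    table = build_table(WORDLIST)
    # Unsalted storage: the stored value is found in the table directly.
    print("unsalted lookup:", table.get(unsalted_hash("fido")))
    # Salted storage: two accounts with the same password store different values,
    # and neither value appears in the precomputed table.
    a, b = store_password("fido"), store_password("fido")
    print("same stored value:", a[2] == b[2])
    print("in table:", a[2].hex() in table)
    print("login still works:", verify_password("fido", a))
```

The salt does not prevent guessing against a single stolen record; it forces the work to be redone for each account, and the iteration count sets the cost of every guess.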