CAIN AND ABEL SOFTWARE

1. Explain the two different types of attacks that can be performed in Cain and Abel to crack user account passwords. Which do you think is the most effective and why?

Otherwise known as the LAN Manager hash (Lan Man) is the primary procedure used to encrypt passwords in the main storage disk. It begins with converting the uppercase letters and if it is still bigger than fourteen bytes, it is divided in to half (seven bytes) then adds a void fragment at the beginning of each half. At the end, the LM Method forms a sixteen-bit value called the LM Hash. The other method is the NTML, or NT LAN Manager, includes passwords encrypted in Unicode manner making the number of characters more than the LAN Manager sort of attack.

NTML Passwords are case responsive and can also exist in longer than 128 typesets. The latter method is most efficient because its algorithms are of a bigger keyspace than LM, making it stronger in cracking of passwords. The LAN Manager has limited characters only in the uppercase category and therefore cracking the passwords into half exposes it to separate attacks permitted by sixty nine characters of the power of digit seven.

2. Compare and contrast the results from the two methods used to crack the accounts. What conclusions can you make after using these two methods?

            The formation of a sixteen-bit rate encryption, the LM Hash, makes the algorithm vulnerable in its performance. Unicode basis provided by the NTLM Increases the plain for more characters in use, strengthening and not susceptible to attacks on it. Though much more time is required to crack passwords using the NT LAN Manager skill, analyzing the sixty-nine possible values of the power of seven created by the separate halves in the LM type of attack, categorizes the characters in the ASCII Characters. Conversion of the passwords into the uppercase letters by the initial technique alters the results obtained by the first method, giving the NTML procedure to become more effectively by skipping this protocol.

1. Research another algorithm used to store passwords that were not discussed here.

The Secure hash Algorithm (SHA-1) creates a one hundred and sixty bit encryption within five rounds of dispensation and was initially invented in the year 1993, and revised two years later. In order to prehash the text into a string of a multiple of the number 512, it is forced to range through the process called message padding. Protection and storage of the password using the SHA-1 Method is provide through computationally inserting detached wording strings that make similar digests on the message. Therefore, the security provided by the SHA-1 algorithm is based on assumptions of arithmetic impossibilities brought by the production of similar fingerprint as the original complement due to the altered strings of text (Crayton, 2003).
4) Research another password recovery software program and provide a thorough discussion     of it. Compare and contrast it to Cain and Abel.

            The passware is a program developed by Microsoft to recover stored passwords in the Microsoft word and excel software’s by the use of the dictionary and previous password attacks. With the use of the internet and other additional features in the software, the passware is able to decrypt files in the software then uses the internet to create a sample of the initial passwords. In comparison with the Cain and Abel password decrypting software, the passware is not widely able crack or store the user accounts passwords. However, without the additional specks in the passware software expounds widely on the field being used in storage or recovery of soft wares (Passware, 2010).

5) Anti-virus software detects Cain and Able as malware. Do you feel that Cain and Able is malware? Why or why not?

            According to research done on malware programs, such invents usually seize and convey browser and search efforts made by the computer user. Since they are poorly managed, they cause instability and dragging in the computer processes. Cain and Abel software generally recovers the passwords of the user accounts and do not interfere with other processes taking place. Depending on the torrent download of the user, the Cain and Abel software can be detected as a malware by updated anti-viruses in the computer. Genuine reference of the Cain and Abel soft wares’ cannot be in anyway harmful to a computer with regard to its purpose and nature of download or purchase (Ars technica, 2010).

Reference:

Crayton, C., (2003). Security+ exam guide, New York: Cengage Learning.

Passware, http://www.lostpassword.com/excel.htm, retrieved on 28th September, 2010.

Ars technical, http://arstechnica.com/security/news/2004/11/malware.ars, retrieved on 28th             September, 2010.

Law, D. & Bond, M., (2003). Tomcat kick start, London: Sams Publishing.

Jin, H., (2004). Grid and cooperative computing: GCC 2004: third international conference,         Wuhan, China, October 21-24, 2004: proceedings, California: Springer.

Hohmann, L., (2003). Beyond software architecture: creating and sustaining winning solutions,     Chicago: Addison-Wesley.