Comparison of the strongest methods of cracking passwords and how to prevent them
2025 (English) Independent thesis, Basic level (degree of Bachelor), 20 credits / 30 HE credits
Student thesis
Abstract [en]
Passwords remain the most common way to protect online accounts, yet fast legacy hashes such as MD5 make them dangerously easy to crack once a database is stolen. This study measures how four popular cracking techniques (brute force, dictionary, hybrid, and combo list) perform against MD5 on modern hardware (RTX 3090 GPU, Ryzen 5800X CPU) virtualised under Proxmox. It benchmarks Hashcat and John the Ripper on both Linux and Windows guests, then compares time-to-crack for eleven test passwords that range from simple words to 20-character random strings. Results show that hybrid and combo-list attacks break common word-based passwords in milliseconds, while random 12-plus-character strings resist all attacks within a 24-hour window. The conclusion is that both unsalted and salted MD5 are obsolete; the study recommends immediate migration to memory-hard functions such as Argon2id, paired with password managers or passphrase policies to balance usability and security.
Place, publisher, year, edition, pages
2025. p. 38
Keywords [en]
Cracking, Hashcat, Hashes, Hashing, MD5, SHA-1, SHA-256, Password Security, Salting, Dictionary Attack, Brute Force, Hybrid Attack, Argon2, bcrypt
National Category
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-25435
OAI: oai:DiVA.org:his-25435
DiVA, id: diva2:1981580
Subject / course
Information Technology
Educational program
Network and Systems Administration
Supervisors
Examiners
2025-07-04, 2025-07-04, 2025-07-04. Bibliographically approved