Abstract | Usernames and passwords are commonly used for online authentication, but storing them in plain text in databases is a security risk. Cryptographic one-way hash functions have been introduced to reduce the risk, but their use is often insufficient. The thesis introduces and analyzes the nature of hash functions. In cooperation with the IT department of the University of Tartu, the passwords of the University of Tartu’s user accounts were security-tested in order to eliminate as many predictable passwords as possible. Testing was performed using the author's software and password dictionaries to break the NTLM hashes in use. |