This is a proof of concept to exploit the registration functionality of a website to build a targeted password cracking engine. I am using Ajax to automatically detect the parameters which are submitted for a successful password and to automatically resubmit the modified passwords. Of course, other technologies can be used for the same purpose.

I think I can safely assume that by now we all understand the need for a strong password handling mechanism, which starts with a strong password policy. In the password policy we define the rules for the password a user selects to log in to their account. The idea is to make passwords stronger so that they are not easily guessed and, more importantly, so that password cracking tools cannot break them easily. Some websites have a stricter password policy than others, but more often than not the website owners also care about their customers, as stronger passwords are difficult to remember. The stronger the password is, the greater the chance that the user will forget it, especially if it is not something they use every day. Many companies also define the password policy keeping in mind many criteria, of which two of the main criteria are:

The link for this article located at Anurag Agarwal - Application Security Evangelist is no longer available.