Just in case you spent the last centuries on another planet,
I'll remind you what it is: a password, is a piece of
text that only one or a few people know, so one can authenticate
them or give them access to some restricted service.
Multi-user operating systems (Unix, Windows NT) use them, as protected web servers also do. In both cases, a password is just a complement of some ID.
A password can be stolen: you can "sniff" it, hack the database that contains it or look over the shoulder of the guy who is entering it.
Most of the time,it is not displayed when you enter it — the bad guy can still look at the keyboard, but it is harder.
Against the sniffer, you have to encipher it (e.g., connection forms are often transmitted through HTTPS), or implement a challenge / response system.
Last but not least, clear passwords should not be stored, in case hackers steal the database. Unix or NT only keep a "hash" of the passwords. When a user logs on, the system hashes the word he entered and comapres the result to the stored hash.
But this system (or chalenges) is not failsafe...
Even if you do not have "clear" passwords, you can "try" all the probable (or possible) passwords, feed them into the hashing algorithm and look if the result matches the hash (or the answer to the challenge).
Depending on the case, passwords may be broken by exhaustive
search, if each test is quick and if the "space" is small enough
(short passwords), or by a dictionnary attack. This
one is based upon a human flaw (laziness) and means that we are
going to try only common words. i.e. we have more chances to
find "abc" than "ZynBRRi".
Some tools derives "possible" words from the dictionnary: from "abcd", we are going to try "abcd1", "abcd2", etc.
Among those common words, we can find: words from the user's mothertongue, and first names.
In fact, all this was just an introduction to what is coming below...
It is here or there.
I compile this from miscellaneous sources...
A few remarks:
ispell et aspell are free spell checkers. You can find dictionnaries in many languages, but you have to clean them before you can feed a tool like Cracklib or John with them. [...]