Overview
cracking.ovh provides online tools dedicated to secret cracking and offensive security. Discover our solutions for performing brute-force and dictionary attacks on various types of secrets, passwords, or tokens.
Featured Tool
-
jwt.cracking.ovh
Crack JWT (JSON Web Token) secrets using dictionary or brute-force attacks. Analyze, decode, and test the strength of your JWT tokens online.
Understanding Secret Cracking: Brute-Force and Dictionary Attacks
Secret cracking is the process of recovering a password or secret key by testing many possible combinations. Two main methods exist:
- Brute-force attack: tries all possible combinations until the correct one is found. This approach is exhaustive but very time and resource consuming, especially if the secret is long or complex.
- Dictionary attack: uses a precompiled list of common words, phrases, or secrets (called a dictionary). This method is faster and more effective if the victim uses a weak or common password.
These techniques are used both by security researchers to test system robustness and by attackers to gain unauthorized access. Choosing long, complex, and unique secrets is essential to defend against these attacks.
Example: JWT Cracking
A JWT (JSON Web Token) is an authentication token used to secure exchanges between applications. It contains a signature generated from a secret: if this secret is weak, it can be recovered by brute-force or dictionary attack, compromising the application's security.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaXNBZG1pbiI6ZmFsc2V9.EypViEDiJhjeuXgjtGdibxrFPFZyYKn-KqFeAw3c2No
The jwt.cracking.ovh tool lets you test the strength of your JWT tokens online.
Why Use These Tools?
- Test the security of your own applications
- Learn and understand common attack methods
- Strengthen your secrets and passwords against cracking