First, a couple points of clarification.
- Passwords are typically hashed, not encrypted, as was pointed out above.
- Plaintext passwords are typically sent to the server for the application to hash and compare against what is in the database.
I say typically in both cases, because there are exceptions. For passwords sent to the server, a protocol called SRP can be used to never send the password to the server. But it is not used very often.
What can an attacker do? Attacks against hashing algorithms exist, such as the MD5 discussion linked above, that allow the plaintext passwords to be discovered. Common hashing that applications use include:
- MD5
- SHA1
- SHA256
- SHA512
- bcrypt
- scrypt
Tools are out there that build hashes of known words and compare them against the desired hash. For example:
I want to know what the plaintext value of this hash is: 098f6bcd4621d373cade4e832627b4f6. Given the length of the hash and that it contains only hex characters, I can make the educated guess that it is an MD5 hash. I can then run that hash through any number of tools. For the purposes of demonstration, I have created a file with just this hash in it:
$ cat hashlist.crack
myusername:098f6bcd4621d373cade4e832627b4f6
Now I can run a tool against that hash:
$ john hashlist.crack --format=Raw-MD5
Loaded 1 password hash (Raw-MD5 [MD5 128/128 SSSE3 20x])
Press 'q' or Ctrl-C to abort, almost any other key for status
test (myusername)
1g 0:00:00:00 DONE 2/3 (2015-08-09 10:26) 100.0g/s 109300p/s 109300c/s 109300C/s test..blazer
Use the "--show" option to display all of the cracked passwords reliably
Session completed
The plaintext value is test.
Using this tool and other freely-available tools, an attacker can get a list of hashes and crack the plaintext values.
That's why security professionals encourage people to use hashes that are better at resisting cracking, such as bcrypt, as well as encourage the use of strong passwords.
