Time: 04:47 EST/09:47 GMT | News Source: CNET | Posted By: Alex Harris

If your passwords consist of letters and numbers, beware.
Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds.
The method involves using large lookup tables to match encoded passwords to the original text entered by a user, thus speeding the calculations required to break the codes. Called a time-memory trade-off, the situation means that an attacker with an abundance of computer memory can reduce the time it takes to break a secret code.
The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com.
"Windows passwords are not very good," he wrote. "The problem with Windows passwords is that they do not include any random information."
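
The missing "random information" is a per-account salt. The sketch below is an added example, not code from the article or the researchers' paper; it shows why a table computed once covers every account under an unsalted scheme and none under a salted one. Assumptions: SHA-256 stands in for the Windows hash, a plain dictionary stands in for the paper's compressed tables, and all accounts and passwords are constructed sample data.

```python
import hashlib
import hmac
import os

def unsalted_hash(password: str) -> str:
    # Assumption: SHA-256 as a stand-in for any hash with no per-account salt.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def salted_hash(password: str, salt: bytes, iterations: int = 10_000) -> str:
    # Salted and iterated: the same password stores differently per account.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()

def verify_salted(password: str, record: dict) -> bool:
    # Legitimate login check: recompute with the stored salt, compare in constant time.
    return hmac.compare_digest(salted_hash(password, record["salt"]), record["hash"])

def build_table(candidates):
    # Computed once; valid against every store that uses unsalted_hash.
    return {unsalted_hash(p): p for p in candidates}

def exposed_accounts(store, table):
    # Accounts whose stored value can be resolved by a table lookup alone.
    return sorted(user for user, rec in store.items() if rec["hash"] in table)

# Constructed sample data (hypothetical users and passwords).
PASSWORDS = {"alice": "apple01", "bob": "apple01", "carol": "Xq7#long-unique-phrase"}
CANDIDATES = ["apple", "apple01", "password1"]

def make_stores():
    unsalted = {u: {"hash": unsalted_hash(p)} for u, p in PASSWORDS.items()}
    salted = {}
    for u, p in PASSWORDS.items():
        salt = os.urandom(16)  # fresh random salt per account
        salted[u] = {"salt": salt, "hash": salted_hash(p, salt)}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = make_stores()
    table = build_table(CANDIDATES)
    print("unsalted store, resolved by table:", exposed_accounts(unsalted, table))
    print("salted store, resolved by table:  ", exposed_accounts(salted, table))
    print("same password, same unsalted hash:",
          unsalted["alice"]["hash"] == unsalted["bob"]["hash"])
    print("same password, same salted hash:  ",
          salted["alice"]["hash"] == salted["bob"]["hash"])
```
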
This is an archived static copy of ActiveWin.com.

#1 By 7390 (63.211.44.114) at Wednesday, July 23, 2003 05:18:50 AM

"While an attacker would need administrator rights to a system to grab the file that contains the password hashes, the file is still valuable, said David Dittrich, a senior security researcher at University of Washington."
umm...isn't the fact the user has gained Administrative rights enough of a problem?

#2 By 2332 (65.221.182.2) at Wednesday, July 23, 2003 09:03:40 AM

#4 is correct. This only works for SAM files - which are only used for local accounts. Active Directory is not affected by this.
In addition, it's never been a big deal to crack SAM files. The big deal is getting the SAM file.

#3 By 6859 (206.156.242.36) at Wednesday, July 23, 2003 09:08:19 AM

Cured with three little words: Password Timeout Period
Someone tries to break a password on my system. He fails more than once, he's locked that account. He can try all day if he likes, until it's unlocked he's never going to get it right.
If people actually (and correctly) used the tools already available to them this sort of thing wouldn't even be an issue to write about.

#4 By 7797 (63.76.44.252) at Wednesday, July 23, 2003 11:32:32 AM

"Cthulhu, isn't your method of job security a little harsh? Why not two or three tries at least?"
Maybe he likes the attention he gets when users constantly call him to have their accounts unlocked because they misspelled their passwords. ;)

#5 By 6859 (206.156.242.36) at Wednesday, July 23, 2003 12:01:15 PM

Most users have extraordinarily simple passwords (like "apple"). Sometimes they get creative and use "apple01." If they can't spell either of those on the first try they have serious issues.
I liken my strategy to that of Mordac the Preventer of Information Services. I don't have to make it easy on the poor (boo hoo) user, I have to make it secure, especially now with all the HIPAA stuff we have to do. Security was/is management's top priority (for the medical records we deal with), as a result I made things secure.

#6 By 7390 (63.211.44.114) at Wednesday, July 23, 2003 10:57:10 PM

"Most users have extraordinarily simple passwords (like "apple"). Sometimes they get creative and use "apple01." If they can't spell either of those on the first try they have serious issues."
ROFL
that is funny
How many "password lockout" phone calls do you anticipate per day?