Cracking Windows passwords in seconds

Dom · Jul 23, 2003, 03:56 AM

Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds.

The method involves using large lookup tables to match encoded passwords to the original text entered by a user, thus speeding the calculations required to break the codes. Called a time-memory trade-off, the situation means that an attacker with an abundance of computer memory can reduce the time it takes to break a secret code.

The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com.

"Windows passwords are not very good," he wrote. "The problem with Windows passwords is that they do not include any random information."

Read More...

~~craig588~~ · Jul 23, 2003, 04:37 AM

If I needed to gain access to a windows system I would just bypass the password rather than cracking it. There are so many ways to bypass the password rather than acctually breaking it.

Mac Daddy · Jul 23, 2003, 12:02 PM

I have to admit Windows passwords are not very good.

On a slightly different subject:

In my line of work (car audio/vehicle security) I have seen may problems with coding over the years.
In fact garage door openers were the worst

Ungo(Clarion) Security systems that we sell use the concept of rolling codes.
Both the receiver and transmitter are synchronized.
In fact the coding is so exact and random upon changing the battery in the transmitter the transmitter will have to be re-synchronized or re-coded into the system.

I'm wondering if this concept has or will ever be incorporated into computer software.
Just sharing

The_Neon_Cowboy · Jul 23, 2003, 01:24 PM

i dunno desnt the password strength rely on the user? my pass is filled with ramon info ... and would not be easly cracked... unless they have time to acually try 9,999,999,999,999 diffrent combinations... and with out my firewalls catching or stoping them and me to stay online

its all about guessing the password .. with cracking ... just depend on the user if you use somethin like cat or dog for you password ... no then it not very good if its in the dicionary its in a crackers prog as well as common nicknames, syings, events, numbers, then trys all possable combinations starting with a minum and maximun key length specifyed... to musers use simple easy to rember passwords that make it so easy for crackers it not funny ....

Jul 23, 2003, 03:56 AM	#1
Dom DriverHeaven Extreme Member Join Date: Jun 2002 Posts: 12,940 Rep Power: 0	Cracking Windows passwords in seconds Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds. The method involves using large lookup tables to match encoded passwords to the original text entered by a user, thus speeding the calculations required to break the codes. Called a time-memory trade-off, the situation means that an attacker with an abundance of computer memory can reduce the time it takes to break a secret code. The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com. "Windows passwords are not very good," he wrote. "The problem with Windows passwords is that they do not include any random information." Read More...

Jul 23, 2003, 12:02 PM	#3
Mac Daddy DriverHeaven Extreme Member Join Date: Jul 2002 Location: Ontario, Canada Posts: 7,950 Rep Power: 79 System Specs	I have to admit Windows passwords are not very good. On a slightly different subject: In my line of work (car audio/vehicle security) I have seen may problems with coding over the years. In fact garage door openers were the worst Ungo(Clarion) Security systems that we sell use the concept of rolling codes. Both the receiver and transmitter are synchronized. In fact the coding is so exact and random upon changing the battery in the transmitter the transmitter will have to be re-synchronized or re-coded into the system. I'm wondering if this concept has or will ever be incorporated into computer software. Just sharing __________________ "My mom said the only reason men are alive is for lawn care and vehicle maintenance." - Tim Allen

Jul 23, 2003, 01:24 PM	#4
The_Neon_Cowboy HardwareHeaven Extreme Member Join Date: Dec 2002 Location: U.S.A. Posts: 16,009 Rep Power: 92 System Specs	i dunno desnt the password strength rely on the user? my pass is filled with ramon info ... and would not be easly cracked... unless they have time to acually try 9,999,999,999,999 diffrent combinations... and with out my firewalls catching or stoping them and me to stay online its all about guessing the password .. with cracking ... just depend on the user if you use somethin like cat or dog for you password ... no then it not very good if its in the dicionary its in a crackers prog as well as common nicknames, syings, events, numbers, then trys all possable combinations starting with a minum and maximun key length specifyed... to musers use simple easy to rember passwords that make it so easy for crackers it not funny .... __________________

Jul 23, 2003, 04:37 AM	#2
~~craig588~~ Banned Join Date: Nov 2002 Location: In clothing Posts: 3,510 Rep Power: 0	If I needed to gain access to a windows system I would just bypass the password rather than cracking it. There are so many ways to bypass the password rather than acctually breaking it.