Cracking Windows password in seconds

[jaykk]

Why switch ? Here is why

"Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds"

"The LANMan scheme has several weaknesses, including converting all characters to uppercase, splitting passwords into 7-byte chunks, and not using an additional random element known as "salt." While the more recent NTHash fixes the first two weaknesses, it still does not use a random number to make the hashes more unique.

The result: The same password encoded on two Windows machines will always be the same. That means that a password cracker can create a large lookup table and break passwords on any Windows computer. Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory.
"

Read there the full story from CNET

 

[idea_hamster]

Hmmm...I'm actually suprised that the algorithm could generally crack a *nix-based password in less than 16 hours (or 13.6 sec. * 4096 / 3600). I would have thought that since these systems may be available 24-7, the bar would be higher.

I don't know too much about security issues like these -- is it obvious to a system administrator that an attempt like this is being made (e.g., thousands of log-in requests)?

More closely to the topic -- how complicated is it to include 12-bit "salt" to the security coding? Is it significantly simpler in *nix? How obtuse does MicroSoft have to be to ignore it?

 

[iJon]

haha, doesn surprise me. its good to know my mac os x secure...to an extent.

iJon

 

[Kwyjibo]

Yeah...That sounds about right?

 

[kylos]

Originally posted by idea_hamster

I don't know too much about security issues like these -- is it obvious to a system administrator that an attempt like this is being made (e.g., thousands of log-in requests)?

The method described doesn't actually make multiple login attempts to break the password. It just recovers the encrypted password on file and then tries to break the encryption to figure out the password. So, although an admin can tell if someone is trying to figure out a password by brute force logins, the activity registered by such a decryption attempt is very minimal. Newer Unixes use shadow passwords to make it somewhat harder to obtain the encrypted password.

 

[MrMacMan]

Originally posted by iJon
haha, doesn surprise me. its good to know my mac os x secure...to an extent.

iJon

Yeah :thinks:
'dude you gotta get off my computer, its been like 10 hours'
'hey man, just wait for get to get off'


16 hours eh?

I think most people could figure it out by them.


BTW, tell me what the web site is doing?
http://lasecpc13.epfl.ch/ntcrack/

What are you sending him/what are you reciving?

Sorry, I'm pretty newbish at cracking passwords.

 

[kylos]

As far as I can tell, you're sending him the encrypted form of your password. In general, a hash is a function that manipulates an input string. In the case of a password, that function should be one-way (e.g. the remainder of a division, the mod function, cannot easily be backtracked because multiple inputs produce the same output) so the decrypter will have to guess what the correct original character might have been.

It seems that he's trying to crack Windows NT passwords, so he wouldn't be able to crack yours. As for how to obtain an encrypted password, that varies with what system you use. I don't yet know how to obtain it on OS X and I'll probably be up all night trying to figure it out and I blame it on you mrmacman!!

Just for clarification, once you know the encrypted password, you won't be occupying the computer you want to crack until you figure out the password. You can crack it on your own computer.