Old Jul 23, 2003, 09:45 AM   #1
jaykk
macrumors 6502a
 
Join Date: Jan 2002
Location: AZ
Cracking Windows password in seconds

Why switch? Here is why

"Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds"

"The LANMan scheme has several weaknesses, including converting all characters to uppercase, splitting passwords into 7-byte chunks, and not using an additional random element known as "salt." While the more recent NTHash fixes the first two weaknesses, it still does not use a random number to make the hashes more unique.

The result: The same password encoded on two Windows machines will always be the same. That means that a password cracker can create a large lookup table and break passwords on any Windows computer. Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory."

Read there the full story from CNET
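Added example, not part of the original thread or the CNET article: a small demonstration of why an unsalted hash lets one precomputed table serve every machine, and why a 12-bit salt multiplies the table size by 4,096. SHA-256 stands in for the LANMan/NTHash and Unix crypt functions, and the candidate list, salt values and function names are constructed for illustration.

```python
import hashlib

SALT_BITS = 12  # salt size quoted in the article: 2**12 = 4096 possible values


def unsalted_hash(password: str) -> str:
    # Stand-in for an unsalted scheme: the same input always gives the same digest.
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: int) -> str:
    # The salt is stored in the clear next to the digest; it is not a secret.
    return hashlib.sha256(salt.to_bytes(2, "big") + password.encode()).hexdigest()


def build_table(candidates, salts=(None,)):
    # Precomputed digest -> password map, one entry per (salt, candidate) pair.
    table = {}
    for salt in salts:
        for pw in candidates:
            digest = unsalted_hash(pw) if salt is None else salted_hash(pw, salt)
            table[digest] = pw
    return table


def demo():
    candidates = ["letmein", "hunter2", "Tr0ub4dor"]  # constructed sample list
    user_pw = "hunter2"

    # No salt: two machines store the identical value, so one table covers both.
    machine_a, machine_b = unsalted_hash(user_pw), unsalted_hash(user_pw)
    plain_table = build_table(candidates)

    # 12-bit salt (fixed here for reproducibility; a real system picks it at random).
    stored_a = salted_hash(user_pw, 0x1A3)
    stored_b = salted_hash(user_pw, 0x7F0)

    # A table that still works against salted values must cover every salt.
    full_table = build_table(candidates, range(2 ** SALT_BITS))
    return {
        "same_unsalted": machine_a == machine_b,
        "unsalted_lookup": plain_table.get(machine_a),
        "same_salted": stored_a == stored_b,
        "salted_lookup_in_plain_table": plain_table.get(stored_a),
        "table_growth": len(full_table) // len(plain_table),
    }


if __name__ == "__main__":
    print(demo())
```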
Old Jul 23, 2003, 10:43 AM   #2
idea_hamster
macrumors 65816
 
 
Join Date: Jul 2003
Location: NYC, or thereabouts
Hmmm...I'm actually surprised that the algorithm could generally crack a *nix-based password in less than 16 hours (or 13.6 sec. * 4096 / 3600). I would have thought that since these systems may be available 24-7, the bar would be higher.

I don't know too much about security issues like these -- is it obvious to a system administrator that an attempt like this is being made (e.g., thousands of log-in requests)?

More closely to the topic -- how complicated is it to include 12-bit "salt" to the security coding? Is it significantly simpler in *nix? How obtuse does Microsoft have to be to ignore it?
__________________
The whole problem with the world is that fools and fanatics are always so certain of themselves,
but wiser people so full of doubts. -- B. Russell
Old Jul 23, 2003, 11:00 AM   #3
iJon
macrumors 604
 
 
Join Date: Feb 2002
Haha, doesn't surprise me. It's good to know my Mac OS X is secure...to an extent.

iJon
Old Jul 23, 2003, 11:07 AM   #4
Kwyjibo
macrumors 68040
 
 
Join Date: Nov 2002
Yeah...That sounds about right?
Old Jul 23, 2003, 04:47 PM   #5
kylos
macrumors 6502a
 
 
Join Date: Nov 2002
Location: MI
Quote:
Originally posted by idea_hamster

I don't know too much about security issues like these -- is it obvious to a system administrator that an attempt like this is being made (e.g., thousands of log-in requests)?
The method described doesn't actually make multiple login attempts to break the password. It just recovers the encrypted password on file and then tries to break the encryption to figure out the password. So, although an admin can tell if someone is trying to figure out a password by brute force logins, the activity registered by such a decryption attempt is very minimal. Newer Unixes use shadow passwords to make it somewhat harder to obtain the encrypted password.
Old Jul 23, 2003, 06:00 PM   #6
MrMacMan
macrumors 601
 
 
Join Date: Jul 2001
Location: 1 Block away from NYC.
Quote:
Originally posted by iJon
Haha, doesn't surprise me. It's good to know my Mac OS X is secure...to an extent.

iJon
Yeah :thinks:
'dude you gotta get off my computer, it's been like 10 hours'
'hey man, just wait for get to get off'


16 hours eh?

I think most people could figure it out by then.


BTW, tell me what the web site is doing?
http://lasecpc13.epfl.ch/ntcrack/

What are you sending him/what are you receiving?

Sorry, I'm pretty newbish at cracking passwords.
__________________
There is a little Steve in all of us!
Old Jul 24, 2003, 06:37 PM   #7
kylos
macrumors 6502a
 
 
Join Date: Nov 2002
Location: MI
As far as I can tell, you're sending him the encrypted form of your password. In general, a hash is a function that manipulates an input string. In the case of a password, that function should be one-way (e.g. the remainder of a division, the mod function, cannot easily be backtracked because multiple inputs produce the same output) so the decrypter will have to guess what the correct original character might have been.

It seems that he's trying to crack Windows NT passwords, so he wouldn't be able to crack yours. As for how to obtain an encrypted password, that varies with what system you use. I don't yet know how to obtain it on OS X and I'll probably be up all night trying to figure it out and I blame it on you mrmacman!!

Just for clarification, once you know the encrypted password, you won't be occupying the computer you want to crack until you figure out the password. You can crack it on your own computer.