Cracking Windows password in seconds

Discussion in 'Current Events' started by jaykk, Jul 23, 2003.

  1. jaykk macrumors 6502a

    Jan 5, 2002
    Why switch? Here is why:

    "Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds"

    "The LANMan scheme has several weaknesses, including converting all characters to uppercase, splitting passwords into 7-byte chunks, and not using an additional random element known as "salt." While the more recent NTHash fixes the first two weaknesses, it still does not use a random number to make the hashes more unique.

    The result: The same password encoded on two Windows machines will always be the same. That means that a password cracker can create a large lookup table and break passwords on any Windows computer. Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory."

    Read the full story from CNET
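As an added illustration of the salt argument in the quoted CNET passage (this is not code from the thread or from the paper it cites): a precomputed digest-to-password table covers an unsalted scheme with one entry per candidate word, while a 12-bit salt forces one entry per candidate for each of the 4,096 salt values. SHA-256 stands in for LANMan/NTHash and the Unix hash, and the candidate words are constructed.

```python
import hashlib

SALT_BITS = 12              # the 12-bit salt the article attributes to Unix/Linux/OS X
N_SALTS = 1 << SALT_BITS    # 4096 possible salt values


def unsalted_hash(password: str) -> str:
    """Stand-in for an unsalted scheme such as NTHash: the same password gives
    the same digest on every machine, so one precomputed table fits them all."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: int) -> str:
    """Stand-in for a salted scheme: the salt is mixed into the digest and stored
    beside it, so the same password yields 4096 different digests."""
    if not 0 <= salt < N_SALTS:
        raise ValueError("salt must fit in %d bits" % SALT_BITS)
    return hashlib.sha256(salt.to_bytes(2, "big") + password.encode("utf-8")).hexdigest()


def build_table(candidates, salts=None):
    """Precompute digest -> password for every candidate word. With salts given,
    one entry is needed per (candidate, salt) pair, which is what multiplies the
    table size and the precomputation work by N_SALTS."""
    if salts is None:
        return {unsalted_hash(pw): pw for pw in candidates}
    return {salted_hash(pw, s): pw for s in salts for pw in candidates}


def lookup(table, digest):
    """Recover a password from a precomputed table; None when it is not covered."""
    return table.get(digest)


def compare_schemes(candidates):
    """Return (unsalted_entries, salted_entries, ratio) for one candidate list."""
    unsalted = build_table(candidates)
    salted = build_table(candidates, range(N_SALTS))
    return len(unsalted), len(salted), len(salted) // len(unsalted)


if __name__ == "__main__":
    words = ["password", "letmein", "macrumors"]  # constructed sample candidates
    print(compare_schemes(words))                 # (3, 12288, 4096)
```

The ratio is exactly the 4,096x figure in the article: salting does not make any single guess slower, it makes a table built once and reused everywhere 4,096 times larger.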
  2. idea_hamster macrumors 65816


    Jul 11, 2003
    NYC, or thereabouts
    Hmmm...I'm actually surprised that the algorithm could generally crack a *nix-based password in less than 16 hours (or 13.6 sec. * 4096 / 3600). I would have thought that since these systems may be available 24-7, the bar would be higher.

    I don't know too much about security issues like these -- is it obvious to a system administrator that an attempt like this is being made (e.g., thousands of log-in requests)?

    More closely to the topic -- how complicated is it to include 12-bit "salt" to the security coding? Is it significantly simpler in *nix? How obtuse does Microsoft have to be to ignore it?
  3. iJon macrumors 604


    Feb 7, 2002
    haha, doesn't surprise me. It's good to know my Mac OS X an extent.

  4. Kwyjibo macrumors 68040


    Nov 5, 2002
  5. kylos macrumors 6502a


    Nov 8, 2002
    The method described doesn't actually make multiple login attempts to break the password. It just recovers the encrypted password on file and then tries to break the encryption to figure out the password. So, although an admin can tell if someone is trying to figure out a password by brute force logins, the activity registered by such a decryption attempt is very minimal. Newer Unixes use shadow passwords to make it somewhat harder to obtain the encrypted password.
  6. MrMacMan macrumors 604


    Jul 4, 2001
    1 Block away from NYC.
    Yeah :thinks:
    'dude you gotta get off my computer, it's been like 10 hours'
    'hey man, just wait for get to get off'

    16 hours eh?

    I think most people could figure it out by then.

    BTW, tell me what the web site is doing?

    What are you sending him/what are you receiving?

    Sorry, I'm pretty newbish at cracking passwords. :rolleyes:
  7. kylos macrumors 6502a


    Nov 8, 2002
    As far as I can tell, you're sending him the encrypted form of your password. In general, a hash is a function that manipulates an input string. In the case of a password, that function should be one-way (e.g. the remainder of a division, the mod function, cannot easily be backtracked because multiple inputs produce the same output) so the decrypter will have to guess what the correct original character might have been.

    It seems that he's trying to crack Windows NT passwords, so he wouldn't be able to crack yours. As for how to obtain an encrypted password, that varies with what system you use. I don't yet know how to obtain it on OS X and I'll probably be up all night trying to figure it out and I blame it on you mrmacman!!

    Just for clarification, once you know the encrypted password, you won't be occupying the computer you want to crack until you figure out the password. You can crack it on your own computer.
