Cracking Windows passwords in seconds [updated]

If your passwords consist of letters and numbers, beware.

Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds. The method involves using large lookup tables to match encoded passwords to the original text entered by a user, thus speeding the calculations required to break the codes. Called a time-memory trade-off, the situation means that an attacker with an abundance of computer memory can reduce the time it takes to break a secret code.

The results highlight a fact about which many security researchers have worried: Microsoft"s manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com. "Windows passwords are not very good," he wrote. "The problem with Windows passwords is that they do not include any random information."

News source: C|Net News.com

View: BugTraq Archive - Cracking windows passwords in 5 seconds

View: LASEC - Advanced Instant NT Password Cracker (actual working web based demo)

Report a problem with article
Next Article

Conspiracy sues Eminem

Previous Article

Money 2004 add-ons