Cracking passwords in Windows 7, Child's play

By ilev
in Microsoft (Windows)

 Share

Recommended Posts

  • 3 weeks later...
Neowinian

Maryolexn

Posted
Posted

Cracking passwords with Windows 7 is no different or more difficult than it was with Windows XP

As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can crack basic passwords, reset the local administrator account and more

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1406621,00.html

ophcrack is not work for me last month. I used Windows Password Recovery Tool 3.0 to reset Windows 7 password . It is a professional Windows password recovery tool for those who have lost or forgot Windows passwords including Windows 7 password. I find it from his blog http://www.blog.windowspasswordsrecovery.com

I also find a blog about windows 7 password. http://www.windows7password.net

So, as the result, I think windows 7 is not safe too.

  • 1 month later...
Veteran

nub

Posted
Posted

For all you who think encryption cannot be evaded, check this out:

1024-bit RSA encryption cracked by carefully starving CPU of electricity

University of Michigan claims they can break the encryption simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the computer to flip single bits of the private key at a time, allowing them to slowly piece together the password.

Source: http://www.engadget....ing-cpu-of-ele/

Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it.

Proficient

smooth_criminal1990

Posted
Posted

Cracking passwords with Windows 7 is no different or more difficult than it was with Windows XP

As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can crack basic passwords, reset the local administrator account and more

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1406621,00.html

Not strictly true as 7 and Vista use NTLM instead of just LM which XP does (7 and Vista disable it by default). Though all this does is make the hashes more resistant to bruteforcing as far as I know, probably isn't any better against rainbow tables.

And for the average business with any sense (i.e. fairly secure cases, boot from CD disabled) Windows doesn't let just anyone read the 'SAM' or 'System' files.

Grand Master

XerXis

Posted
Posted

I reckon Microsoft should buy out TrueCrypt and include it in Windows 8. Would stop alot of exploits and help protect its users alot more.

I'm a truecrypt user and think it's great software, but Microsoft does have a very capable solution with bitlocker. So unless you have something concrete about how bitlocker is slower/less secure than truecrypt I don't really think you have a point.

Grand Master

funkymunky

Posted
Posted

Oh my there is so much FUD in this thread, and crazy conspiracy theories.

Maybe judging by the claims of certain "News Reporters" on here, just goes to show why the Front Page news are quite often erroneous. Be it from grammer/spelling to the actual facts themselves if no real research is done :(

Rookie

pawa

Posted
Posted

It seems like quite often people seem to misunderstand what Windows passwords are actually good for.

While they play a big role on servers and in big company networks, home computers are not really made any more secure just because of secure Windows passwords.

Although windows passwords protect against some worms like downup, in case of phycisal access by the attacker, they wont help.

Only a combination of windows passwords, full disk encryption and bios-security can help a little against attacks based on physical access.

Still, just to mention, the way windows saves account passwords, got more secure when MS switched the standard algorithm to NTLM in Windows Vista.

However, the point is, that one having physical access to a computer, does not need any windows account password, but only needs to boot from something else than the running operating system and then access the HDD's in the desired way.

Veteran

iamwhoiam

Posted
Posted

I thought discussing 'cracks' was not allowed on Neowin ... :huh:

Giving (or linking to) detailed instructions on how to crack a secure system would be against the rules. I gather that the purpose of this thread is to inform people that the Windows account passwords are not a secure system (never were and still aren't) and that they should not rely on it for security. Several people have posted more secure methods of protecting their data. The purpose of this thread would seem to be how to enhance security rather than how to defeat it and thus it is not against the rules.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.