Cracking passwords in Windows 7, Child's play

[hdood]

Rich? Owenw? Have you located your evidence yet?

[+Anarkii Subscriber²]

oh wow this is bad for security

[Maryolexn]

Cracking passwords with Windows 7 is no different or more difficult than it was with Windows XP

As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can crack basic passwords, reset the local administrator account and more

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1406621,00.html

ophcrack is not work for me last month. I used Windows Password Recovery Tool 3.0 to reset Windows 7 password . It is a professional Windows password recovery tool for those who have lost or forgot Windows passwords including Windows 7 password. I find it from his blog http://www.blog.windowspasswordsrecovery.com

I also find a blog about windows 7 password. http://www.windows7password.net

So, as the result, I think windows 7 is not safe too.

[Guest xiphi]

I've tried Ophcrack when trying to help a friend recover a password when one of her kids changed it on her, but it didn't even work on my machine and I have a simple password! Luckily, System Restore fixed her problem.

[nub]

For all you who think encryption cannot be evaded, check this out:

1024-bit RSA encryption cracked by carefully starving CPU of electricity

University of Michigan claims they can break the encryption simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the computer to flip single bits of the private key at a time, allowing them to slowly piece together the password.

Source: http://www.engadget....ing-cpu-of-ele/

Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it.

[mokthraka]

they still did it though, the point is, someone will always be able to crack whatever it is you have.

[Astra.Xtreme]

You could do the work of 81 P4 chips with 1 i7. :p

[smooth_criminal1990]

Cracking passwords with Windows 7 is no different or more difficult than it was with Windows XP

As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can crack basic passwords, reset the local administrator account and more

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1406621,00.html

Not strictly true as 7 and Vista use NTLM instead of just LM which XP does (7 and Vista disable it by default). Though all this does is make the hashes more resistant to bruteforcing as far as I know, probably isn't any better against rainbow tables.

And for the average business with any sense (i.e. fairly secure cases, boot from CD disabled) Windows doesn't let just anyone read the 'SAM' or 'System' files.

[c3ntury]

I reckon Microsoft should buy out TrueCrypt and include it in Windows 8. Would stop alot of exploits and help protect its users alot more.

[XerXis]

You can prove that something exists. You cannot prove that something doesn't exist.

stupid claim, I can quite easily prove that there is no prime number ending in two.

[XerXis]

I reckon Microsoft should buy out TrueCrypt and include it in Windows 8. Would stop alot of exploits and help protect its users alot more.

I'm a truecrypt user and think it's great software, but Microsoft does have a very capable solution with bitlocker. So unless you have something concrete about how bitlocker is slower/less secure than truecrypt I don't really think you have a point.

[leeisl]

stupid claim, I can quite easily prove that there is no prime number ending in two.

2 is a prime number you know. :huh:

[macf13nd]

2 is a prime number you know. :huh:

Great first post!

[funkymunky]

Oh my there is so much FUD in this thread, and crazy conspiracy theories.

Maybe judging by the claims of certain "News Reporters" on here, just goes to show why the Front Page news are quite often erroneous. Be it from grammer/spelling to the actual facts themselves if no real research is done :(

[XerXis]

2 is a prime number you know. :huh:

*insert curse here* i knew i overlooked something :p

let's change that to no prime number ending with 2 and that is bigger than 2 :p

[pawa]

It seems like quite often people seem to misunderstand what Windows passwords are actually good for.

While they play a big role on servers and in big company networks, home computers are not really made any more secure just because of secure Windows passwords.

Although windows passwords protect against some worms like downup, in case of phycisal access by the attacker, they wont help.

Only a combination of windows passwords, full disk encryption and bios-security can help a little against attacks based on physical access.

Still, just to mention, the way windows saves account passwords, got more secure when MS switched the standard algorithm to NTLM in Windows Vista.

However, the point is, that one having physical access to a computer, does not need any windows account password, but only needs to boot from something else than the running operating system and then access the HDD's in the desired way.

[Hum]

I thought discussing 'cracks' was not allowed on Neowin ... :huh:

[iamwhoiam]

I thought discussing 'cracks' was not allowed on Neowin ... :huh:

Giving (or linking to) detailed instructions on how to crack a secure system would be against the rules. I gather that the purpose of this thread is to inform people that the Windows account passwords are not a secure system (never were and still aren't) and that they should not rely on it for security. Several people have posted more secure methods of protecting their data. The purpose of this thread would seem to be how to enhance security rather than how to defeat it and thus it is not against the rules.