Date: 2003-07-24

Cracking Windows Passwords in Seconds

Once again MS has shown that they have no idea how to implement cryptography correctly, and you can see why it pays to use special characters in a password now and then. The software from LASEC cracks alphanumeric Windows passwords within a few seconds.
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-.


What sort of passwords are cracked?
Our system is able to crack 99,9% of alphanumeric passwords (mixed case letters and numbers) in 5 seconds (average on 1000 passwords). We are also able to crack passwords built with 78 characters (mixed case letters, numbers and 16 other characters) in 30 seconds but there is no web interface to this cracker yet.

Is there something special about Windows passwords that makes them easier to crack?
The two ways of encrypting passwords on Windows systems, the LanManager hash and the NThash, both lack the use of random information. The hash of a given password will thus be the same on any machine. Because we know in advance what the hashes will look like, we can precalculate all of them and store some of them in our tables. In other password systems (e.g. Unix) a random value, called salt, is added to each hash calculation. Since we don't know that value in advance, we cannot create the tables, unless we create a set of tables for every value of salt (4096).


- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-.
edited by Abdul Alhazred
published on: 2003-07-24
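
The salt argument in the FAQ above, as an added example that is not part of the original post or of the LASEC software. A plain dictionary stands in for the precomputed tables and SHA-256 for the password hash; the toy alphabet, the two salt values and all function names are assumptions made for the illustration.

```python
import hashlib
from itertools import product

ALPHABET = "abc123"   # constructed toy alphabet, not a real password policy
MAX_LEN = 3
SALT_VALUES = 4096    # 12-bit salt, the figure quoted in the FAQ

def unsalted_hash(password):
    # Stand-in for any scheme that hashes the password alone.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    # The salt is stored beside the hash; it only has to differ per account.
    return hashlib.sha256(salt.to_bytes(2, "big") + password.encode()).hexdigest()

def candidates():
    for length in range(1, MAX_LEN + 1):
        for chars in product(ALPHABET, repeat=length):
            yield "".join(chars)

def build_table(hash_fn):
    """Precompute hash -> password once for the whole candidate space."""
    return {hash_fn(p): p for p in candidates()}

def compare(password="b2a", salt_a=0x3A1, salt_b=0x7C4):
    # salt_a and salt_b are constructed sample salts for two accounts.
    table = build_table(unsalted_hash)
    table_a = build_table(lambda p: salted_hash(p, salt_a))
    return {
        # One table built in advance resolves the hash from any machine.
        "unsalted_lookup": table.get(unsalted_hash(password)),
        # Same password, two accounts: the stored values no longer match.
        "salted_differ": salted_hash(password, salt_a) != salted_hash(password, salt_b),
        # The generic table is useless against a salted hash.
        "generic_table_on_salted": table.get(salted_hash(password, salt_a)),
        # A table built for one salt covers that salt only.
        "table_a_on_a": table_a.get(salted_hash(password, salt_a)),
        "table_a_on_b": table_a.get(salted_hash(password, salt_b)),
        # Precomputation cost grows by the number of possible salts.
        "entries_unsalted": len(table),
        "entries_all_salts": len(table) * SALT_VALUES,
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The last two entries show the cost the FAQ refers to: every possible salt value needs its own complete table, so the storage for the same candidate space is multiplied by 4096.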