View Full Version : OT: Windows passwords cracked in 13 seconds



agent
24-07-2003, 10:52 PM
Just thought I'd warn those who give a toss that Windows passwords are extremely insecure.

PC Authority (http://www.pcauthority.com.au/Index.asp?PageType=ArticleDetail&ID=13560&catID=1) article has news on it, including new-fangled words like "cryptanalytic" and "time-memory".

Looks like my next password will have a few non-alphanumeric characters in it for the sake of extra time.

And as a side note, can anyone tell me why adding random characters to a password before it is hashed makes it more secure? And how to do this, and how the verifying system knows what random characters were used? As I'd like to create a website login system that implements that.

PoWa
24-07-2003, 11:12 PM
Yes, it's a well known fact that they can be cracked in that time. This ain't brand new information. It only occurs if the user has access to the computer and can copy the SAM file to another location. To crack it in that time, the specific password has to be in the dictionary.

Then, if the computer is only using LM authentication, it takes hardly any time at all to crack. If the machine is using NTLM authentication, it takes a lot longer, and you have to brute force the passwords.

BIFF
25-07-2003, 12:13 PM
> Yes, it's a well known fact that they can be cracked in
> that time. This ain't brand new information. Only
> occurs if the user has access to the computer and can
> copy the SAM file to another location. To crack it in
> that time, the specific password has to be in the
> dictionary.
>
> Then if the computer is only using LM authentication,
> then it takes hardly any time at all to crack. If the
> machine is using NTLM authentication, then it takes a
> lot longer, and you have to brute force the
> passwords.

Actually I don't think he's talking about a dictionary attack, nor LM hashes. I expect he is referring to this:

At LASEC (lasecwww.epfl.ch) we have developed an advanced time-memory
trade-off method. It is based on original work which was done in 1980 but
has never been applied to windows passwords. It works by calculating all
possible hashes in advance and storing some of them in an organized
table. The more information you keep in the table, the faster the
cracking will be.

We have implemented an online demo of this method which cracks
alphanumerical passwords in 5 seconds average (see
http://lasecpc13.epfl.ch/ntcrack). With the help of 0.95GB of data we can
find the password after an average of 4 million hash operations. A brute
force cracker would need to calculate an average of 50% of all hashes,
which amounts to about 40 billion hashes for alphanumerical passwords
(lanman hash).

mikebartnz
25-07-2003, 01:19 PM
You are right there Biff, and they have got it down to 5 seconds now.

Kame
25-07-2003, 02:33 PM
Agent,

You must have misread it: after it's encrypted, random information is then added. That way, if someone out there figured out the way to reverse the algorithm that created the password, it would be thrown off by the random information added. It makes it secure to a point, but once someone learns how the random information was added and the algorithm is reversed, it'll be a whole new story of trying to come up with another unbreakable algorithm.

I hope you understand the encryption, the algorithm, the whole schamozzle. There are many ways to implement this for websites. First would be encrypting the password with your algorithm; then the random characters could be generated from a piece of hardware in your system, maybe an encrypted string of your hard drive's serial, anything really that no one else would have, so it's your own machine's specifics. The more you put into it, the more protection you can add, but it's time-consuming, and no matter what you do, it's only making it improbable to crack, not impossible. Sometimes you have to level out what is more important: getting a presence on the web, or spending ages on protecting it.

With the amount of flaws found in software, they may not even require breaking your algorithm to get in.

roofus
25-07-2003, 08:14 PM
For you not-so-encryption-savvy people, have a read of how it works here (http://computer.howstuffworks.com/encryption.htm).

vk_dre
25-07-2003, 09:55 PM
Thanks for the link Roofus, I was a bit lost till you posted that link. This stuff is too complicated. :)

cheers,
v.K

vk_dre
25-07-2003, 09:56 PM
> Thanks for the link Roofus, I was a bit lost till you
> posted that link. This stuff is too complicated. :)

Just kidding....:D So can you guys summarise what you have written, because there is too much to read?

cheers,
v.K