New fast password cracking scheme

Discussion in 'other security issues & news' started by msingle, Aug 22, 2003.

Thread Status:
Not open for further replies.
  1. msingle

    msingle Registered Member

    Jan 25, 2003
    I saw this the other day and was wondering exactly how we would ever be able to have secure passwords:

    Basically they can crack passwords up to 78 characters using alphanumeric & 16 other characters in less than a minute using some new algorithms.

    Maybe I'm missing something here and there's more to it though.

  2. meneer

    meneer Registered Member

    Nov 27, 2002
    The Netherlands
    In fact they are using a list of pre-built encrypted passwords and using that list as a lookup table to find the unencrypted password.

    The possibility of protecting your password against such an attack depends on the availability of the encrypted password. This attack requires the encrypted text of your password.

    The passwords are stored in the SAM files. A samdump tool will show the encrypted passwords that can be cracked by this Swiss method.
    Also, the encrypted passwords are sent over the network; sniffing could result in a network packet with the encrypted password.

    For your own system: protect the machine itself, both physically and logically, in order to avoid access to the SAM. Physical is easy... logical: install a firewall, anti-trojan and the lot (plenty of info here).
    Other systems:
    prevent the sniffing of passwords :eek: difficult on wide area networks, easier in local area networks (use a switched network or network encryption).
    And for systems out of your control: do use a different password, so that compromising your password is a one-system loss.
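
Added example, not part of any post in this thread: a sketch of why the lookup-table approach described above depends on unsalted stored values, and how a per-account salt with a slow key-derivation function makes one precomputed table useless. SHA-256 stands in for the unsalted scheme, and the account names, candidate words and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: candidate words are illustrative only.
CANDIDATES = ["letmein", "summer2003", "password1"]
ITERATIONS = 100_000  # assumed work factor for the salted scheme


def unsalted_record(password):
    """Unsalted storage: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password):
    """Salted storage: random per-account salt plus a slow KDF (PBKDF2)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, record):
    """Normal login check: recompute with the stored salt, compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def build_table(candidates):
    """Precompute stored-value -> password once; valid for every unsalted store."""
    return {unsalted_record(c): c for c in candidates}


def table_hits(stored, table):
    """Accounts whose stored value appears in the precomputed table."""
    return {user: table[v] for user, v in stored.items() if v in table}


def demo():
    passwords = {"alice": "summer2003", "bob": "summer2003", "carol": "x9!Tq-unlisted"}
    table = build_table(CANDIDATES)
    unsalted = {u: unsalted_record(p) for u, p in passwords.items()}
    salted = {u: salted_record(p) for u, p in passwords.items()}
    salted_view = {u: rec[1].hex() for u, rec in salted.items()}
    return table_hits(unsalted, table), table_hits(salted_view, table), salted


if __name__ == "__main__":
    unsalted_hits, salted_hits, _ = demo()
    print("unsalted store, table hits:", unsalted_hits)
    print("salted store, table hits:  ", salted_hits)
```

In the unsalted store, alice and bob share one stored value, so a single table entry exposes both; in the salted store the same password produces different values per account and the table matches nothing.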
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Feb 3, 2003
    on the sofa
    well that sucks ouch