New fast password cracking scheme

Discussion in 'other security issues & news' started by msingle, Aug 22, 2003.

Thread Status:
Not open for further replies.
  1. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    I saw this the other day and was wondering exactly how we would ever be able to have secure passwords:
    http://news.com.com/2100-1009-5053063.html

    Basically they can crack passwords up to 78 characters using alphanumeric & 16 other characters in less than a minute using some new algorithms.

    Maybe I'm missing something here and there's more to it though.

    Thoughts?
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    In fact they are using a list of pre-built encrypted password and use that list as a lookup table to find the unencrypted password.

    The possibility of protecting your password against such an attack depends on the availability of the encrypted password. This attack requires the encrypted text of your password.

    The passwords are stored in the SAM files. A samdump tool will show the encrypted passwords that can be cracked by this Swiss method.
    Also the encrypted password are send over the network, sniffing could result in a network packet with the encrypted password.

    Protection:
    For your own system: protect the machine itself, both physical and logical, in order to avoid access to the SAM. Physical is easy... logical: install a firewall, anti trojan and the lot (plenty of info here).
    Other systems:
    prevent the sniffing of passwords :eek: difficult on wide area networks, more easy in local area networks (use a switched network or network encryption).
    And for systems out of your control: do use a different password, so that compromising your password is a one system loss.
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    well that sucks ouch
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.