Security of Windows XP Password hashes (NT hash); salting and security

Discussion in 'other security issues & news' started by wearetheborg, Jul 17, 2010.

Thread Status:
Not open for further replies.
  1. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    I know LM hashes are quite insecure.
    1. How are NT hashes ? Say as compared to the blowfish hashing in Linux ?
    What length would a NT hashed password need to have to be as secure (to reverse cracking) as say a 15 char blowfish hashed password ?

    2. Do you manually add some easy salts to your windows passwords to deter rainbow attacks ?

    3. What length password do you recommend for NThashed passwords ?

    4. What password lengths would 10,000 terabyte rainbow tables suffice for ?

    5. Is obtaining a password hash file as difficult for hackers as obtaining a root account (and thus installing a keylogger, making obtaining passwords trivial)?
    Are there cases where installing a keylogger would be much more difficult than obtaining the password hash file?
    Let us assume we are talking about personal computers, not servers which just do password authentication.
    One situtation is where the computer gets stolen, or siezed, or the HDD cloned.

    If the HDD is cloned without the users knowledge, and it contains password hashes that the user uses elsewhere, eg., for banking, then its trouble.

    6. How many different passwords do you have? How do you keep track of them?
     
    Last edited: Jul 17, 2010
Loading...
Thread Status:
Not open for further replies.