Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: Randy Marchany <marchany () VT EDU>
Date: Mon, 19 Nov 2007 13:33:31 -0500
We've been using a tool called "ophcrack" to break into Windows systems where the user forgot their passwords. It uses Rainbow tables to guess passwords and so far on Windows boxes, we've successfully retrieved up to 12-character passwords within 10 minutes. The passwords followed our password strength guidelines, which are fairly standard (upper/lower case, alphanumeric, 8 character minimum). This tool does require physical access to the machine. Special characters can significantly lengthen the guess time, but basically, we need to find another way to authenticate (2-way authentication AKA the ATM card/pin code model) in the long term.

-Randy Marchany
VA Tech IT Security Office and Lab