Educause Security Discussion mailing list archives

Re: Passwords & Passphrases


From: Randy Marchany <marchany () VT EDU>
Date: Mon, 19 Nov 2007 13:33:31 -0500

We've been using a tool called "ophcrack" to break into Windows systems where
the user forgot their passwords. It uses rainbow tables to guess passwords and
so far on Windows boxes, we've successfully retrieved up to 12-character
passwords within 10 minutes. The passwords followed our password strength
guidelines, which are fairly standard (upper/lower case, alphanumeric,
8-character minimum). This tool does require physical access to the machine.
Special characters can significantly lengthen the guess time but basically, we
need to find another way to authenticate (2-way authentication AKA the ATM
card/PIN code model) in the long term.

        -Randy Marchany
        VA Tech IT Security Office and Lab
