Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: Randy Marchany <marchany () CANDI2 CIRT VT EDU>
Date: Mon, 19 Nov 2007 13:33:45 -0500
We've been using a tool called "ophcrack" to break into systems where the
user forgot their passwords. It uses Rainbow tables to guess passwords and so
far on Windows boxes, we've successfully retrieved up to 12 character
passwords within 10 minutes. The passwords followed our guidelines. This tool
does require physical access to the machine. Special characters can
significantly lengthen the guess time but basically, we need to find another
way to authenticate (2-way authentication AKA the ATM card/pin code model) in
the long term.
-Randy Marchany
VA Tech IT Security Office and Lab
