Interesting People mailing list archives
Cracking windows passwords in 5 seconds
From: Dave Farber <dave () farber net>
Date: Tue, 22 Jul 2003 20:24:34 -0400
Date: Tue, 22 Jul 2003 16:54:33 -0700 From: Richard Perlman <perl () lucent com> Subject: FW: (RPG) Fw: Cracking windows passwords in 5 seconds To: Dave Farber <dave () farber net> Might be of interest to the IPers. Richard ----- Original Message ----- From: <bugtraq () oechslin net> To: <bugtraq () securityfocus com> Sent: Tuesday, July 22, 2003 1:37 PM Subject: Cracking windows passwords in 5 seconds As opposed to unix, windows password hashes can be calculated in advance because no salt or other random information si involved. This makes so called time-memory trade-off attacks possible. This vulnerability is not new but we think that we have the first tool to exploit this. At LASEC (lasecwww.epfl.ch) we have developed an advanced time-memory trade-off method. It is based on original work which was done in 1980 but has never been applied to windows passwords. It works by calculating all possible hashes in advance and storing some of them in an organized table. The more information you keep in the table, the faster the cracking will be. We have implemented an online demo of this method which cracks alphanumerical passwords in 5 seconds average (see http://lasecpc13.epfl.ch/ntcrack). With the help of 0.95GB of data we can find the password after an average of 4 million hash operation. A brute force cracker would need to calculate an average of 50% of all hashes, which amounts to about 40 billion hases for alphanumerical passwords (lanman hash). More info about the method can be found at in a paper at http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03. Philippe Oechslin ------ End of Forwarded Message
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Cracking windows passwords in 5 seconds Dave Farber (Jul 22)