From: Per W. <pw...@ia...> - 2003-07-24 01:07:53
One more thing - this information is about cracking a password, i.e. finding
out what it is. If I don't bother, there are a number of programs available
that will allow setting a new password without knowing the old.

/Per W

On Thu, 24 Jul 2003, Ioannis Vranos wrote:

> I think this is interesting for everyone in the list, so I thought to drop
> it in here.
>
> From WinInfo Daily Update:
>
> === 1. News and Views ====
> by Paul Thurrott, thu...@wi...
>
> Researchers Crack Windows Passwords in Seconds
> Swiss researchers have developed a password-cracking scheme, based
> on a method first developed in 1980, that lets them crack most Windows
> passwords in about 13 seconds (the original method takes more than a
> minute and a half longer). The scheme enforces a growing concern in
> the security community that the way in which Microsoft encodes
> passwords in Windows is inherently weak, opening the door for cracking
> programs to use brute-force methods to test and break passwords.
> Philippe Oechslin, one of the Swiss researchers, recently published
> an online paper, "Making a Faster Cryptanalytic Time-Memory
> Trade-Off," which highlights the new password-cracking scheme.
> Oechslin will present the paper in August at Crypto 2003, an
> international cryptology conference held this year at the University
> of California, Santa Barbara and organized by the International
> Association for Cryptologic Research (IACR) in cooperation with the
> IEEE Computer Society Technical Committee on Security and Privacy.
> "As an example, we have implemented an attack on MS-Windows
> password hashes," the researchers write. "Using 1.4GB of data (two
> CD-ROMs) we can crack 99.9 percent of all alphanumerical passwords
> hashes ... in 13.6 seconds whereas it takes 101 seconds with the
> current approach using distinguished points. We show that the gain
> could be even much higher depending on the parameters used."
> Oddly, the researchers weren't interested in cracking Windows
> passwords but rather were trying to demonstrate the previous
> theoretical cryptanalytic time-memory trade-off technique. They note
> that Microsoft's passwords are weak because, when encrypted, they
> don't include any random information. Thus, the same password on two
> Windows machines will always be the same when encrypted, which makes
> breaking the password encryption much easier than if the passwords
> were randomized.
> Although generating more secure passwords by using nonalphanumeric
> characters and other special characters is possible, the researchers
> say that even this approach won't solve the inherent problem in
> Windows because all they'd need is more time or a larger data set (or
> both) to crack those passwords as well. Instead, Microsoft will have
> to fix this feature to encrypt passwords with random information, the
> researchers say.
>
> ----------------------------------------------------------------------------
>
> Ioannis Vranos
>
> * Programming pages: http://www.noicys.freeurl.com
> * Alternative URL 1: http://run.to/noicys
> * Alternative URL 2: http://www.noicys.cjb.net