From: David M. <ci...@ya...> - 2003-07-24 19:29:27
Indeed it is!!

--- Ioannis Vranos <iv...@em...> wrote:
> I think this is interesting for everyone in the list, so I thought to drop
> it in here.
>
> From WinInfo Daily Update:
>
> === 1. News and Views ====
> by Paul Thurrott, thu...@wi...
>
> Researchers Crack Windows Passwords in Seconds
>
> Swiss researchers have developed a password-cracking scheme, based
> on a method first developed in 1980, that lets them crack most Windows
> passwords in about 13 seconds (the original method takes more than a
> minute and a half longer). The scheme enforces a growing concern in
> the security community that the way in which Microsoft encodes
> passwords in Windows is inherently weak, opening the door for cracking
> programs to use brute-force methods to test and break passwords.
>
> Philippe Oechslin, one of the Swiss researchers, recently published
> an online paper, "Making a Faster Cryptanalytic Time-Memory
> Trade-Off," which highlights the new password-cracking scheme.
> Oechslin will present the paper in August at Crypto 2003, an
> international cryptology conference held this year at the University
> of California, Santa Barbara and organized by the International
> Association for Cryptologic Research (IACR) in cooperation with the
> IEEE Computer Society Technical Committee on Security and Privacy.
>
> "As an example, we have implemented an attack on MS-Windows
> password hashes," the researchers write. "Using 1.4GB of data (two
> CD-ROMs) we can crack 99.9 percent of all alphanumerical passwords
> hashes ... in 13.6 seconds whereas it takes 101 seconds with the
> current approach using distinguished points. We show that the gain
> could be even much higher depending on the parameters used."
>
> Oddly, the researchers weren't interested in cracking Windows
> passwords but rather were trying to demonstrate the previous
> theoretical cryptanalytic time-memory trade-off technique. They note
> that Microsoft's passwords are weak because, when encrypted, they
> don't include any random information. Thus, the same password on two
> Windows machines will always be the same when encrypted, which makes
> breaking the password encryption much easier than if the passwords
> were randomized.
>
> Although generating more secure passwords by using nonalphanumeric
> characters and other special characters is possible, the researchers
> say that even this approach won't solve the inherent problem in
> Windows because all they'd need is more time or a larger data set (or
> both) to crack those passwords as well. Instead, Microsoft will have
> to fix this feature to encrypt passwords with random information, the
> researchers say.
>
> Ioannis Vranos
>
> * Programming pages: http://www.noicys.freeurl.com
> * Alternative URL 1: http://run.to/noicys
> * Alternative URL 2: http://www.noicys.cjb.net

=====
Signed David Mcken
Life Sucks Live with it
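
Added example, not part of the original message or the quoted article: a sketch of why "random information" (a per-account salt) matters for stored password hashes. It assumes SHA-256 as a stand-in for any hash computed from the password alone (it is not the Windows algorithm), PBKDF2 as the salted scheme, and a small constructed candidate list in place of a precomputed data set.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for a large precomputed data set.
CANDIDATES = ["password1", "Summer2003", "letmein", "qwerty12"]

def unsalted_hash(password):
    # Assumption: SHA-256 stands in for a hash that depends on the password only.
    return hashlib.sha256(password.encode()).digest()

def build_table(candidates):
    # Computed once, then reusable against every machine that stores unsalted hashes.
    return {unsalted_hash(p): p for p in candidates}

def enroll_salted(password, iterations=100_000):
    # A fresh random salt per account is stored next to the derived hash.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_salted(password, salt, stored, iterations=100_000):
    # Recompute with the stored salt and compare in constant time.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(digest, stored)

def compare_storage(password="Summer2003"):
    table = build_table(CANDIDATES)
    # Two machines, same password, no salt: identical stored values.
    machine_a = unsalted_hash(password)
    machine_b = unsalted_hash(password)
    # Two machines, same password, per-account salt: different stored values.
    salt_a, salted_a = enroll_salted(password)
    salt_b, salted_b = enroll_salted(password)
    return {
        "unsalted_identical": machine_a == machine_b,
        "table_recovers_unsalted": table.get(machine_a),
        "salted_identical": salted_a == salted_b,
        "table_recovers_salted": table.get(salted_a),
        "salted_login_ok": verify_salted(password, salt_a, salted_a),
        "salted_wrong_password": verify_salted("letmein", salt_a, salted_a),
    }

if __name__ == "__main__":
    for key, value in compare_storage().items():
        print(f"{key}: {value}")
```
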