From: David M. <ci...@ya...> - 2003-07-24 19:33:51
Being able to get the old is worse because the user will not notice that it has changed and a careful person can make it so that no (or rather very few) other traces are left. To make matters worse, many people re-use passwords (makes it easier to remember)

--- Per Westermark <pw...@ia...> wrote:
> One more thing - this information is about cracking a password, i.e.
> finding out what it is. If I don't bother, there are a number of programs
> available that will allow setting a new password without knowing the old.
>
> /Per W
>
> On Thu, 24 Jul 2003, Ioannis Vranos wrote:
>
> > I think this is interesting for everyone in the list, so I thought to
> > drop it in here.
> >
> > From WinInfo Daily Update:
> >
> > === 1. News and Views ====
> > by Paul Thurrott, thu...@wi...
> >
> > Researchers Crack Windows Passwords in Seconds
> > Swiss researchers have developed a password-cracking scheme, based
> > on a method first developed in 1980, that lets them crack most Windows
> > passwords in about 13 seconds (the original method takes more than a
> > minute and a half longer). The scheme enforces a growing concern in
> > the security community that the way in which Microsoft encodes
> > passwords in Windows is inherently weak, opening the door for cracking
> > programs to use brute-force methods to test and break passwords.
> > Philippe Oechslin, one of the Swiss researchers, recently published
> > an online paper, "Making a Faster Cryptanalytic Time-Memory
> > Trade-Off," which highlights the new password-cracking scheme.
> > Oechslin will present the paper in August at Crypto 2003, an
> > international cryptology conference held this year at the University
> > of California, Santa Barbara and organized by the International
> > Association for Cryptologic Research (IACR) in cooperation with the
> > IEEE Computer Society Technical Committee on Security and Privacy.
> > "As an example, we have implemented an attack on MS-Windows
> > password hashes," the researchers write. "Using 1.4GB of data (two
> > CD-ROMs) we can crack 99.9 percent of all alphanumerical passwords
> > hashes ... in 13.6 seconds whereas it takes 101 seconds with the
> > current approach using distinguished points. We show that the gain
> > could be even much higher depending on the parameters used."
> > Oddly, the researchers weren't interested in cracking Windows
> > passwords but rather were trying to demonstrate the previous
> > theoretical cryptanalytic time-memory trade-off technique. They note
> > that Microsoft's passwords are weak because, when encrypted, they
> > don't include any random information. Thus, the same password on two
> > Windows machines will always be the same when encrypted, which makes
> > breaking the password encryption much easier than if the passwords
> > were randomized.
> > Although generating more secure passwords by using nonalphanumeric
> > characters and other special characters is possible, the researchers
> > say that even this approach won't solve the inherent problem in
> > Windows because all they'd need is more time or a larger data set (or
> > both) to crack those passwords as well. Instead, Microsoft will have
> > to fix this feature to encrypt passwords with random information, the
> > researchers say.
> >
> > Ioannis Vranos
> >
> > * Programming pages: http://www.noicys.freeurl.com
> > * Alternative URL 1: http://run.to/noicys
> > * Alternative URL 2: http://www.noicys.cjb.net

=====
Signed
David Mcken

Life Sucks Live with it
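
The point in the quoted article about hashes that "don't include any random information", shown as an added example that is not part of the original thread. SHA-256 stands in for the unsalted Windows hash and PBKDF2 for a salted scheme; the candidate list, account names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000
# Constructed sample data standing in for a large precomputed data set.
CANDIDATES = ["letmein", "Summer2003", "qwerty12", "dragon99"]

def unsalted_hash(password):
    """Deterministic: no random input, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def salted_hash(password, salt=None, iterations=ITERATIONS):
    """Per-account random salt plus a slow KDF; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def verify_salted(password, salt, digest, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)

def build_table(candidates):
    """Computed once, reusable against every store that uses unsalted_hash."""
    return {unsalted_hash(p): p for p in candidates}

def lookup_all(table, stored):
    """Accounts whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in stored.items() if h in table}

def demo():
    table = build_table(CANDIDATES)
    # Two machines, same password, no salt: identical stored values.
    machine_a = {"alice": unsalted_hash("Summer2003")}
    machine_b = {"bob": unsalted_hash("Summer2003")}
    same_unsalted = machine_a["alice"] == machine_b["bob"]
    unsalted_hits = lookup_all(table, {**machine_a, **machine_b})
    # Same password with per-account salts: stored values differ and the
    # table built without the salt matches nothing.
    salt_a, digest_a = salted_hash("Summer2003")
    salt_b, digest_b = salted_hash("Summer2003")
    salted_hits = lookup_all(table, {"alice": digest_a, "bob": digest_b})
    still_verifies = verify_salted("Summer2003", salt_a, digest_a)
    return same_unsalted, unsalted_hits, digest_a == digest_b, salted_hits, still_verifies

if __name__ == "__main__":
    print(demo())
```

With a salt, a precomputed data set would have to be rebuilt for every account, which is the fix the researchers ask for.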