Ophcrack Says Your Password Is Insecure
javipas writes "An insightful article at Jeff Atwood's Coding Horror reveals the power inside Ophcrack, an Open Source program that is capable of discovering virtually any password in Windows operating systems. The article explains how passwords get stored on Windows using hash functions, and how Ophcrack can generate immense tables of words and letter combinations that are compared to the password we want to obtain. The program is available in Windows, Mac OS and Linux, but be careful: the generated tables that Ophcrack uses are really big, and you should allow up to 15 Gbytes to store these tables."
If I have physical access to the machine and have a bootable CD, I have no need to crack any passwords.
I can just reset the password and carry on. I have a customer whose 9yo girl showed me how she "cracks" her brother's password by booting in safe mode and simply removing his password.
Luckily, in some ways I am glad Windows is insecure; I can only imagine the hell a user (and MS) would go through when you tell them that their entire photo/music collection is toast because they forgot their 21 random character hard to remember password.
Don't blame the user, blame the whole crappy password concept.
The point is that it can get the password in under 5 minutes. You could bring along something like L0pht, and then wait 2 weeks while it brute forces it.
It does crack 99% of used passwords, not 99% of theoretical passwords.
IMO There is absolutely no point in having a login password for stand-alone machines as it is TRIVIAL to bypass with something as easy as a boot CD/floppy that just resets the passwords, as long as you have physical access to the box, (or just yank out the hard drive and remount somewhere else).
IMO There is absolutely no point in having a lock on a bathroom door, as it is TRIVIAL to bypass with something as simple as a small screwdriver.
Oh wait, yet, despite that, it is remarkably effective at keeping people out while you're in there.
Many locks and passwords are more symbolic than anything else. Most people respect the implied privacy requested by a lock or password. Even if they know they could circumvent it trivially, they don't do it.