Ophcrack Says Your Password Is Insecure
javipas writes "An insightful article at Jeff Atwood's Coding Horror reveals the power inside Ophcrack, an Open Source program that is capable of discovering virtually any password in Windows operating systems. The article explains how passwords get stored on Windows using hash functions, and how Ophcrack can generate immense tables of words and letter combinations that are compared to the password we want to obtain. The program is available in Windows, Mac OS and Linux, but be careful: the generated tables that Ophcrack uses are really big, and you should allow up to 15 Gbytes to store these tables."
From the linked blog: "How fast? It can crack the password "Fgpyyih804423" in 160 seconds. Most people would consider that password fairly secure."
Sorry Jeff, but thats a shit password. If I remember correctly NT drop anything after the first 8 characters so the password is actually "Fgpyyih8" You have one uppercase letter in there and one number. That's terrible. Where are your characters like !@#$%^&*()-_+ or extended ascii stuff? Why are you starting with a capitalized letter?
I used the CD version of ophtcrack and played with the larger 2+ gig rainbow table assortment and found it pretty weak, if not useless, against a reasonable password policy.