Ophcrack Says Your Password Is Insecure

javipas writes "An insightful article at Jeff Atwood's Coding Horror reveals the power inside Ophcrack, an Open Source program that is capable of discovering virtually any password in Windows operating systems. The article explains how passwords get stored on Windows using hash functions, and how Ophcrack can generate immense tables of words and letter combinations that are compared to the password we want to obtain. The program is available in Windows, Mac OS and Linux, but be careful: the generated tables that Ophcrack uses are really big, and you should allow up to 15 Gbytes to store these tables."

Editors at it again...

[lixee]

An insightful article at Jeff Atwood's Coding Horror reveals the power inside Ophcrack, an Open Source program that is capable of discover virtually any password in Windows operating systems.

Please CmdrTaco, do your job.

Re:Windows is insecure by design

[baggins2001]

I don't really care about this issue with linux. Because zero of my users know how to do this with linux. But MS advertises this as a feature and by god people around here want to be as secure as possible. God forbid someone should stubble on the porn they are storing on their computer. But occassionally they will encrypt something really important and just go, well if I forget it the IT guy can get it back.

We don't have bitlocker on any of our systems, but I'm sure we will in the next 3 months. I haven't even looked at it, but I am concerned that it may be too secure for the users own good.

Re:This is why two factor authentication is necess

[Reverend528]

"This is the passworrd for my new computerr"

That would be a great password, except:

md5sum("This is the passworrd for my new computerr") = fb7393356dd5f5e6d3909e06bf64c91e
md5sum("hello12") = fb7393356dd5f5e6d3909e06bf64c91e

Better luck avoiding an unintentional collision next time.