Slashdot Mirror
Ophcrack Says Your Password Is Insecure
javipas writes "An insightful article at Jeff Atwood's Coding Horror reveals the power inside Ophcrack, an Open Source program that is capable of discovering virtually any password in Windows operating systems. The article explains how passwords get stored on Windows using hash functions, and how Ophcrack can generate immense tables of words and letter combinations that are compared to the password we want to obtain. The program is available in Windows, Mac OS and Linux, but be careful: the generated tables that Ophcrack uses are really big, and you should allow up to 15 Gbytes to store these tables."
"Passwords should never be saved as plaintext"
/etc/passwd, bitch!
Tell that to
Second, if you've computed all possible hash values for all possible character combinations, then it really doesn't matter what your password is, since you only have to have the input hash to the correct hash value. Since an infinite number of character strings map to a finite number of hash values, it is only a matter of building the tables before you can hack any system.
Third, if your only defense against this type of attack is a single password, you're screwed.
Fourth, if you are worried about this sort of attack and you still live with your parents, it's probably not really too critical that you implement heavy-duty, multiple-hardened points on your Gentoo system right now. You'll have plenty of time to implement that sort of security after you finish your current bag of Cheetos.
(blank)
password
password1 That formula will crack 90% of Windows passwords out there. The remaining 10% are what the other 14.999999 GB in the table are for.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Windows has a security feature it uses when a user attempts to create a 15Gb table called "crashing". This makes it extremely difficult to break in using the tool defined.....
You laugh but Windows indeed blocks some operations when no password is assigned. So - no password sometimes may be better than crackable password.
Got it.
norad:~# echo "" | md5sum
68b329da9893e34099c7d8ad5cb9c940 -
Actually, it's:
Password:
LM Hash: AAD3B435B51404EEAAD3B435B51404EE
NT Hash: 31D6CFE0D16AE931B73C59D7E0C089C0
Windows password hashes are not MD5...
Brought to you by the "genhash" utility of the PassTheHash toolkit for Windows. (Google it, it's awesome.)
The point is that it can get the password in under 5 minutes. You could bring along something like L0pht, and then wait 2 weeks while it brute forces it.
First of all, ophcrack only comes with alpha-numeric tables for LM hashes. If you have special characters in your password, you'll have to generate your own table, which takes a very long time, and a lot of hard drive space. Ophcrack does not have the ability to generate Rainbow tables as the article suggest... Second of all, Ophcrack only works well against LM hashes, because with LM hashes, passwords are split into 7 byte halves, then hashed. So you only have to have tables that go up to 7 characters with LM hashes. If you disable LM hashes on your Windows box, and use NTLM hashes, the entire password is hashed, and is not split up. So if you pick a good password, with special characters, that's fairly long, it will be pretty much impossible to crack if your using NTLM only. Even with rainbow tables... The problem is Windows XP (by default) stores passwords as LM and NTLM hashes. So if an attacker can get the LM hashes, they can crack your password easily. You can hack the registry and keep Windows from storing LM hashes. See http://support.microsoft.com/kb/299656