This whole discussion is completely misleading (imagine that!). What the Swiss researchers did was refine (essentially, as I understand it, by precomputing a very large dictionary of password hashes and load this into memory) an existing "attack". This "attack" is no different under Windows, Unix, Linux or Mac OS X systems: given root/administrator privileges, reverse engineer the users password, from the password file using a dictionary attack. All -- I repeat -- all -- systems are susceptible to this kind of attack! The difference is that under Unix/Linux/OS X a bit of salt (actually 12 bits) is added to the users password prior to encryption.
What you need to understand is that this salt is no different than lengthening the actual password itself! For example if my password is "passwd" a unix system will add an extra 12-bits onto this password and then encrypt it. A password that is encrypted on a Unix system is say "passwdzd" where "zd" is the "salt" (BTW the salt is stored in/etc/passwd along with the encrypted password). While on a windows system the password that is encrypted is simply just "passwd". On both systems I still type "passwd" to log in.
Salt is not some kind of magic elixir, it is simply a means to add additional length to the password (without the user having to remember it), to make the dictionary attack take longer (or more memory). To have approximately equivalent dictionary attack complexity the windows password would have to be two characters longer than a Unix password, to make up for the salt.
So in summary, the attack is not an attack per sea. It is simply a way to speed up a standard dictionary attack. On all systems this can be done assuming you have root/administrator access. The notion of salt is somewhat of a red herring -- the researchers results still apply to Unix systems as well, it is just that the dictionary would have to be 4096 times larger assuming the same password length. Or you would have to go after passwords that were ~ 2 characters less.
As always the best way to defeat these kinds of attacks is to use long, nondictonary words, placing nonalphanumeric characters throughout the password. (Not just as the first or last character).
Slashdot Mirror
What you need to understand is that this salt is no different than lengthening the actual password itself! For example if my password is "passwd" a unix system will add an extra 12-bits onto this password and then encrypt it. A password that is encrypted on a Unix system is say "passwdzd" where "zd" is the "salt" (BTW the salt is stored in /etc/passwd along with the encrypted password). While on a windows system the password that is encrypted is simply just "passwd". On both systems I still type "passwd" to log in.
Salt is not some kind of magic elixir, it is simply a means to add additional length to the password (without the user having to remember it), to make the dictionary attack take longer (or more memory). To have approximately equivalent dictionary attack complexity the windows password would have to be two characters longer than a Unix password, to make up for the salt.
So in summary, the attack is not an attack per sea. It is simply a way to speed up a standard dictionary attack. On all systems this can be done assuming you have root/administrator access. The notion of salt is somewhat of a red herring -- the researchers results still apply to Unix systems as well, it is just that the dictionary would have to be 4096 times larger assuming the same password length. Or you would have to go after passwords that were ~ 2 characters less.
As always the best way to defeat these kinds of attacks is to use long, nondictonary words, placing nonalphanumeric characters throughout the password. (Not just as the first or last character).