July 22, 2003 7:05 PM PDT

Cracking Windows passwords in seconds

Read more about passwords

If your passwords consist of letters and numbers, beware.

Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds.

The method involves using large lookup tables to match encoded passwords to the original text entered by a person, thus speeding the calculations required to break the codes. Called a time-memory trade-off, the situation means that an attacker with an abundance of computer memory can reduce the time it takes to break a secret code.

The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com.

"Windows passwords are not very good," he wrote. "The problem with Windows passwords is that they do not include any random information."

Oechslin outlined a way to take advantage of that lack of randomness on Tuesday when he published a paper and a Web demonstration of the technique. The research builds on previous work showing that encryption algorithms can be sped up with the help of large lookup tables. Increasing the size of the lookup tables reduces the amount of time, on average, that it takes to search for a password.

The researcher used a 1.4GB lookup table and a single computer with an Advanced Micro Devices 2500+ processor and 1.5GB of RAM to offer people a way to test the process online.

Oechslin said he hadn't notified Microsoft of the issue before publishing his paper. He said his research has been more about creating efficient time-memory trade-offs, not about breaking Microsoft passwords.

"This is not a new vulnerability," he said. "It is only the first time that it has been worked in so much detail. Microsoft passwords are just a nice example to demonstrate the theoretical results."

Two methods of encryption
Microsoft has used two encoding schemes, also known as hashing functions, to encrypt passwords. The first, known as LANManager or LANMan, was used by Windows 3.1, 95, 98, Me and early NT systems to secure passwords that were used to connect to early Windows networks.

The LANMan scheme has several weaknesses, including converting all characters to uppercase, splitting passwords into 7-byte chunks, and

Special Report
Passwords: The weakest link?
Most are feeble attempts at deception
and are no match for today's computers.

not using an additional random element known as "salt." While the more recent NTHash fixes the first two weaknesses, it still does not use a random number to make the hashes more unique.

The result: The same password encoded on two Windows machines will always be the same. That means that a password cracker can create a large lookup table and break passwords on any Windows computer. Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory.

While an attacker would need administrator rights to a system to grab the file that contains the password hashes, the file is still valuable, said David Dittrich, a senior security researcher at University of Washington.

"The object is to use rights you have gained on one resource to break into other systems," he said. "If you have broken into a server and you have a hash, you can escalate your privilege and slowly move your way through the network. If you can get your hands on the hash, then game over."

Users can protect themselves against the attack by adding nonalphanumeric characters to a password. The inclusion of symbols other than alphanumeric characters adds complexity to the process of breaking passwords--and that means the code cracker needs more time or more memory or both.

Oechslin, for example, has created a new version of his program using 20GB of lookup tables that can break passwords made of numbers, letters and 16 other characters in an average of 30 seconds for large batches of passwords.

"To make things more complex, we could have generated a set of data half as big (10GB), which would (have broken) the same passwords faster, but we would have spent multiple times the amount of work calculating this data," he wrote. "So there is another trade-off, namely between precalculation time and memory or cracking time."


Join the conversation!
Add your comment
nada nothing
Posted by (1 comment )
Reply Link Flag
I have downloaded windows password key 8.0. It is a very quick and useful utility for resetting passwords. It not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It works perfectly to reset any local user account to a blank password.
Just an easy to use bootable CD/DVD . It can also be used on a USB Flash Drive. http://www.lostwindowspassword.com/
Posted by robertdescalzo (1 comment )
Reply Link Flag
crack windows password!!
3 steps:
1. Log onto a computer that can link to the Internet. Download
Advanced Windows Password Recovery 3.0 from

http://www.recoverwindowspassword.com and decompress it on that PC.

Note that: there is a .ISO file. Burn the .ISO file to a CD.

2.Get out the newly created CD and insert it to the locked computer.

3.Re-boot the locked computer and then follow the process of
instructions. Just after a few steps, the old password will be
Posted by likeapple (3 comments )
Reply Link Flag
more free windows password reset methods:
Posted by PassKiller (1 comment )
Reply Link Flag
I would like to introduce Windows Password Key 8.0 . it not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It creates a password recovery CD/DVD,USB Flash Drive for home, business and enterprise. It works perfectly to reset your Windows password. You can download it from http://www.lostwindowspassword.com
Posted by Annyyu22 (4 comments )
Reply Link Flag
I know some windows password tools just like below
1. Windows Password Recovery Tool 3.0( http://www.windowspasswordsrecovery.com)
2. Windows Password Key 8.0( http://www.lostwindowspassword.com )
3. Windows Password Recovery 6.0( http://www.recoverlostpassword.com/products/windowspasswordrecoery.html )
4. windows 7 password ( http://www.windows7password.com )
Posted by jamesstevn (2 comments )
Reply Link Flag
I know a blog about windows 7 password http://www.windows7password.net
Posted by hecongyan (1 comment )
Reply Link Flag
windows password? why do you talk it as a problem?
It is quite easy to solve.
thy these site


so, after reading this site, will you still think a question for forgotting windows login password.
Posted by wskaihd (2 comments )
Reply Link Flag
GPUs can also be used speed up the process of <a href="http://mytechencounters.wordpress.com/2011/04/03/gpu-password-cracking-crack-a-windows-password-using-a-graphic-card/"password cracking</a>. My 5770 does 3.3 billion passwords searches per second.
Posted by vijaydevakumar (4 comments )
Reply Link Flag
use Spower Windows Password Reset (SWPR) to recover your forgotten password in few steps:

Step 1: Download and install Spower Windows Password Reset.
Step 2: Create a CD/DVD or USB password reset boot disk with SWPR.
Step 3: Boot your computer from password reset boot disk.
Step 4: Recover the forgotten password for administrator account.

For more information, please visit: http://www.windowspasswordsreset.com/
Posted by chairsnj (1 comment )
Reply Link Flag
Few days ago, I lost my windows password,and my friend David who in an IT enginner help me reset my windows password with Windows Password Reset.Here I share how I use Windows Password Reset to reset my windows password easily.

Step1:Download and install Windows Password Reset from http://www.windowspasswordreset.net
Step2:Burn Windows Password Reset ISO file to CD/DVD,or USB.
Step3:Put in your newly created CD and remove your Windows Password.
Posted by Abe201 (1 comment )
Reply Link Flag
Good post! I also found another helpful post about windows password recovery on a famous websit- Squidoo.
Posted by Arabela123 (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.