If your passwords consist of letters and numbers, beware.
Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds.
The method involves using large lookup tables to match encoded passwords to the original text entered by a person, thus speeding the calculations required to break the codes. Called a time-memory trade-off, the situation means that an attacker with an abundance of computer memory can reduce the time it takes to break a secret code.
The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com.
"Windows passwords are not very good," he wrote. "The problem with Windows passwords is that they do not include any random information."
Oechslin outlined a way to take advantage of that lack of randomness on Tuesday when he published a paper and a Web demonstration of the technique. The research builds on previous work showing that encryption algorithms can be sped up with the help of large lookup tables. Increasing the size of the lookup tables reduces the amount of time, on average, that it takes to search for a password.
Oechslin said he hadn't notified Microsoft of the issue before publishing his paper. He said his research has been more about creating efficient time-memory trade-offs, not about breaking Microsoft passwords.
"This is not a new vulnerability," he said. "It is only the first time that it has been worked in so much detail. Microsoft passwords are just a nice example to demonstrate the theoretical results."
Two methods of encryption
Microsoft has used two encoding schemes, also known as hashing functions, to encrypt passwords. The first, known as LANManager or LANMan, was used by Windows 3.1, 95, 98, Me and early NT systems to secure passwords that were used to connect to early Windows networks.
The LANMan scheme has several weaknesses, including converting all characters to uppercase, splitting passwords into 7-byte chunks, and
Special Report Passwords: The weakest link?
Most are feeble attempts at deception
and are no match for today's computers.
not using an additional random element known as "salt." While the more recent NTHash fixes the first two weaknesses, it still does not use a random number to make the hashes more unique.
The result: The same password encoded on two Windows machines will always be the same. That means that a password cracker can create a large lookup table and break passwords on any Windows computer. Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory.
While an attacker would need administrator rights to a system to grab the file that contains the password hashes, the file is still valuable, said David Dittrich, a senior security researcher at University of Washington.
"The object is to use rights you have gained on one resource to break into other systems," he said. "If you have broken into a server and you have a hash, you can escalate your privilege and slowly move your way through the network. If you can get your hands on the hash, then game over."
Users can protect themselves against the attack by adding nonalphanumeric characters to a password. The inclusion of symbols other than alphanumeric characters adds complexity to the process of breaking passwords--and that means the code cracker needs more time or more memory or both.
Oechslin, for example, has created a new version of his program using 20GB of lookup tables that can break passwords made of numbers, letters and 16 other characters in an average of 30 seconds for large batches of passwords.
"To make things more complex, we could have generated a set of data half as big (10GB), which would (have broken) the same passwords faster, but we would have spent multiple times the amount of work calculating this data," he wrote. "So there is another trade-off, namely between precalculation time and memory or cracking time."
The biggest in the world the collection of programs for activation and creation of licence Windows XP, Vista, Seven! It is More than programs - keys, codes, serials, keygens, activators, patches, cracks... Very more good programs! Only best programs! Made in Zjama (Zyama)! High speed, one file, DOWNLOAD FREE: http://sharingmatrix.com/file/287468/ZJAMA2.rar !!! Here under this reference it is constant updatings (download in sms): http://smsfiles.ru/f/98aad941f1afd14333533d059f69a831/ZJAMABIG.rar.html Tell to world crisis - is not present! Be activated! Be licensed!
I have downloaded windows password key 8.0. It is a very quick and useful utility for resetting passwords. It not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It works perfectly to reset any local user account to a blank password.
Just an easy to use bootable CD/DVD . It can also be used on a USB Flash Drive. http://www.lostwindowspassword.com/
I would like to introduce Windows Password Key 8.0 . it not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It creates a password recovery CD/DVD,USB Flash Drive for home, business and enterprise. It works perfectly to reset your Windows password. You can download it from http://www.lostwindowspassword.com
I know some windows password tools just like below
1. Windows Password Recovery Tool 3.0( http://www.windowspasswordsrecovery.com)
2. Windows Password Key 8.0( http://www.lostwindowspassword.com )
3. Windows Password Recovery 6.0( http://www.recoverlostpassword.com/products/windowspasswordrecoery.html )
4. windows 7 password ( http://www.windows7password.com )
GPUs can also be used speed up the process of <a href="http://mytechencounters.wordpress.com/2011/04/03/gpu-password-cracking-crack-a-windows-password-using-a-graphic-card/"password cracking</a>. My 5770 does 3.3 billion passwords searches per second.
use Spower Windows Password Reset (SWPR) to recover your forgotten password in few steps:
Step 1: Download and install Spower Windows Password Reset. Step 2: Create a CD/DVD or USB password reset boot disk with SWPR. Step 3: Boot your computer from password reset boot disk. Step 4: Recover the forgotten password for administrator account.
For more information, please visit: http://www.windowspasswordsreset.com/
Apple's stock hits a high of $503.83 this morning before retreating to below the $500 mark. Goldman Sachs says it believes Apple could rise to $550 a share in the next 12 months.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
Just an easy to use bootable CD/DVD . It can also be used on a USB Flash Drive. http://www.lostwindowspassword.com/
3 steps:
1. Log onto a computer that can link to the Internet. Download
Advanced Windows Password Recovery 3.0 from
http://www.recoverwindowspassword.com and decompress it on that PC.
Note that: there is a .ISO file. Burn the .ISO file to a CD.
2.Get out the newly created CD and insert it to the locked computer.
3.Re-boot the locked computer and then follow the process of
instructions. Just after a few steps, the old password will be
removed.
http://blog.resetwindowspassword.com/how-to-recover-and-reset-password-in-vistaxp20032knt-for-free/
1. Windows Password Recovery Tool 3.0( http://www.windowspasswordsrecovery.com)
2. Windows Password Key 8.0( http://www.lostwindowspassword.com )
3. Windows Password Recovery 6.0( http://www.recoverlostpassword.com/products/windowspasswordrecoery.html )
4. windows 7 password ( http://www.windows7password.com )
windows password? why do you talk it as a problem?
It is quite easy to solve.
thy these site
http://www.windowspassword.blogspot.com
http://www.forgotwindows7password.com
http://www.windowspasswordreset.net
http://www.windowspasswordcracker.com
so, after reading this site, will you still think a question for forgotting windows login password.
Step 1: Download and install Spower Windows Password Reset.
Step 2: Create a CD/DVD or USB password reset boot disk with SWPR.
Step 3: Boot your computer from password reset boot disk.
Step 4: Recover the forgotten password for administrator account.
For more information, please visit: http://www.windowspasswordsreset.com/