December 11, 2005

Be Afraid, Be Very Afraid

Because knowing all passwords is cooler than trying to crack one.

Ophcrack is a Windows password cracker based on Philippe Oechslin's faster time-memory trade-off using Rainbow tables. This program can crack 99.9% of passwords of length 1 to 14 containing uppercase letters, lowercase letters and numbers. This happens because of two weaknesses in the way LM Hash is implemented:

- Passwords longer than 7 characters are divided into two pieces and each piece is hashed separately.
- All lower case letters in the password are changed to upper case before the password is hashed.

I tried cracking my 13 character alpha-numeric password (something that I considered remarkably secure) and Ophcrack did it in less than a minute. For those in Mumbai who don't want to download the gigantic 700 MB worth of Rainbow tables used by Ophcrack, give me a shout!

Password Trivia:
- Fox Mulder's password in X-Files is "trustno1".
- In he classic 1932 Marx Brothers' film, Horse Feathers the password for entering the speakeasy was "Swordfish".


Post a Comment

<< Home