Crack A Windows Password In 14 Seconds

Those of you with servers and desktops running one of Microsoft's operating systems might not want to read this next bit of news: C|Net is reporting that Swiss researchers have found a way to crack Windows passwords quickly, and with little more than an off-the-shelf PC with lots of memory. The technique, called time-memory trade-off, can discover a Windows password in as little as 14 seconds, whereas other methods can take ten times as long. From the article Cracking Windows Passwords in Seconds:

The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com.

"Windows passwords are not very good," he wrote. "The problem with Windows passwords is that they do not include any random information."

Oechslin outlined a way to take advantage of that lack of randomness on Tuesday when he published a paper and a Web demonstration of the technique. The research builds on previous work showing that encryption algorithms can be sped up with the help of large lookup tables. Increasing the size of the lookup tables reduces the amount of time, on average, that it takes to search for a password.

The researcher used a 1.4GB lookup table and a single computer with an AMD 2500+ processor and 1.5GB RAM to offer people a way to test the process online.

The article goes on to explain that the method of password encryption used on Microsoft OSes is far inferior to that used in *IXes, including OS X. From the article:

Microsoft has used two encoding schemes, also known as hashing functions, to encrypt passwords. The first, known as LANManager or LANMan, was used by Windows 3.1, 95, 98, Me and early NT systems to secure passwords that were used to connect to early Windows networks.

The LANMan scheme has several weaknesses, including converting all characters to uppercase, splitting passwords into 7-byte chunks, and not using an additional random element known as "salt." While the more recent NTHash fixes the first two weaknesses, it still does not use a random number to make the hashes more unique.

The result: The same password encoded on two Windows machines will always be the same. That means that a password cracker can create a large lookup table and break passwords on any Windows computer. Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory.
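The following is an added illustration of the salt argument in the quoted passage; it is example code written for this post, not code from the CNET article, from Oechslin's paper, or from Windows. It uses SHA-256 as a stand-in for a hash function (an assumption, not the real LANMan or NTHash algorithm) and a 12-bit salt as the article describes for Unix, and shows why a table precomputed once works against every unsalted hash but must grow 4,096-fold to cover a salted one:

```python
import hashlib

# Constructed toy wordlist standing in for the dictionary a precomputed
# lookup table is built from; real tables cover far larger keyspaces.
WORDLIST = ["letmein", "password", "qwerty", "summer2003"]

SALT_BITS = 12                  # the 12-bit salt the article attributes to Unix
SALT_SPACE = 1 << SALT_BITS     # 4096 possible salt values


def unsalted_hash(password: str) -> str:
    """Deterministic, salt-free hash of the password alone, mirroring the
    property the article criticises: identical on every machine.
    SHA-256 over UTF-16LE is a placeholder (assumption), not NTHash's MD4."""
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()


def salted_hash(password: str, salt: int) -> str:
    """Hash of salt || password: the salt must be chosen before hashing,
    so the same password gives different hashes under different salts."""
    if not 0 <= salt < SALT_SPACE:
        raise ValueError("salt must fit in %d bits" % SALT_BITS)
    data = salt.to_bytes(2, "big") + password.encode("utf-16-le")
    return hashlib.sha256(data).hexdigest()


def build_table(words, salt=None) -> dict:
    """Precompute hash -> password. Without a salt the table is built once
    and is valid against any machine; with a salt the builder has to fix a
    salt value first and the table only matches hashes made with that salt."""
    if salt is None:
        return {unsalted_hash(w): w for w in words}
    return {salted_hash(w, salt): w for w in words}


def lookup(table: dict, digest: str):
    """Constant-time-in-table-size recovery: the trade-off the article
    describes is paying memory up front to make this step instant."""
    return table.get(digest)


def table_entries_needed(words, salt_bits: int = SALT_BITS) -> int:
    """Entries a precomputed table needs to cover every (word, salt) pair:
    the '4,096 times more memory' figure from the article for 12 bits."""
    return len(words) * (1 << salt_bits)


def demo() -> None:
    # Unsalted: two machines, same password, same hash, and one table
    # built anywhere recovers it immediately.
    h_machine_a = unsalted_hash("password")
    h_machine_b = unsalted_hash("password")
    print("unsalted hashes identical:", h_machine_a == h_machine_b)
    print("unsalted lookup:", lookup(build_table(WORDLIST), h_machine_a))

    # Salted: the two machines pick different salts (constructed values),
    # so the hashes differ and the salt-free table finds nothing.
    h_salted_a = salted_hash("password", 17)
    h_salted_b = salted_hash("password", 2900)
    print("salted hashes identical:", h_salted_a == h_salted_b)
    print("salt-free table vs salted hash:", lookup(build_table(WORDLIST), h_salted_a))

    # Covering every salt multiplies the precomputation by 2**12.
    print("entries without salt:", len(WORDLIST))
    print("entries to cover all salts:", table_entries_needed(WORDLIST))


if __name__ == "__main__":
    demo()
```

The defensive takeaway matches the article: the salt does not make any single hash harder to compute, it only stops the attacker from doing the work once and reusing it, which is exactly what a time-memory trade-off relies on. Modern password storage goes further still by using a deliberately slow, per-user-salted function, but that is beyond what the quoted passage discusses.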

There is much more information in the full article at C|Net.