password cracking made easier?
17 views
Skip to first unread message
Sumanta Dey
Oct 28, 2010, 6:30:10 AM10/28/10
to null-...@googlegroups.com
Not sure if you have come across this.
-Sumanta
Objectif Securite comes up with technology to crack passwords
https://www.infosecisland.com/blogview/9023-Cracking-14-Character-Complex-Passwords-in-5-Seconds.html
Regards,https://www.infosecisland.com/blogview/9023-Cracking-14-Character-Complex-Passwords-in-5-Seconds.html
-Sumanta
webDEViL
Oct 28, 2010, 10:15:23 AM10/28/10
to null-...@googlegroups.com
The dumbest thing I ever read. Cracking 7 character passwords at great speed is no big deal or nothing to be excited about.
If the passwords cracked were to be 14 chars NTLM or maybe MD5 it would have made sense.
Sent from my iPhone
Sent from my iPhone
--
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
rahul sasi
Oct 28, 2010, 4:45:42 PM10/28/10
to null-...@googlegroups.com
@webdevil I hope you have read the entire post, its regarding 14 char complex passwords 0nly, and not regarding 7 char password. That thing cracked a 14 digit very complex windows hashes in few seconds.--
Rahul Sasi aka Fb1h2s
Info Security Consultant
07738222968
09320233681
www.fb1h2s.com
wwww.garage4hackers.com
Rahul Sasi aka Fb1h2s
Info Security Consultant
07738222968
09320233681
www.fb1h2s.com
wwww.garage4hackers.com
![WINDOW NEWTON<[*!!*]>'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjW0OAEgrl0JAqB2v9M3SGt511xNW-hWuPj0D4-j8KeaF_kBXga1=s40-c-mo)
WINDOW NEWTON<[*!!*]>
Oct 30, 2010, 1:36:30 AM10/30/10
to null-...@googlegroups.com
its really amazing to crack 14 digit complex password with a second ..!! thanx for sharing
webDEViL
Oct 30, 2010, 2:16:15 AM10/30/10
to null-...@googlegroups.com
Ok. You don't know what a LM hash is, that's not my fault.
Please read the article once agian and also read how LM hashes sotre the password.
Sent from my iPhone
Sent from my iPhone
Wasim Halani
Oct 30, 2010, 2:31:22 AM10/30/10
to null-...@googlegroups.com
maybe this would help clear the confusion
http://support.microsoft.com/kb/299656
".... When you set or change the password for a user account to a password that contains fewer than 15 characters, Windows generates both a LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of the password.....'''
...
...
So in effect, they are cracking LM password hashes 'faster'. If they are as efficient in cracking 15+ character password, then maybe it would be considered awesome.
---
Wasim Halani
http://securitythoughts.wordpress.com
----------
To keep silent when you can say something wise and useful is as bad as keeping on propagating foolish and unwise thoughts. -- Imam Ali (p.b.u.h.)
http://support.microsoft.com/kb/299656
".... When you set or change the password for a user account to a password that contains fewer than 15 characters, Windows generates both a LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of the password.....'''
...
...
"Method 3: Use a Password That Is at Least 15 Characters Long
The simplest way to prevent Windows from storing an LM hash of your password is to use a password that is at least 15 characters long. In this case, Windows stores an LM hash value that cannot be used to authenticate the user."So in effect, they are cracking LM password hashes 'faster'. If they are as efficient in cracking 15+ character password, then maybe it would be considered awesome.
---
Wasim Halani
http://securitythoughts.wordpress.com
----------
To keep silent when you can say something wise and useful is as bad as keeping on propagating foolish and unwise thoughts. -- Imam Ali (p.b.u.h.)
TAS
Oct 30, 2010, 2:53:19 AM10/30/10
to null-...@googlegroups.com
Apparently it is the hard drive access time and not the processor
speed that slows down cracking speed. And the technology in use is a
Solid State Drive (SSD) so it is no rocket science.
speed that slows down cracking speed. And the technology in use is a
Solid State Drive (SSD) so it is no rocket science.
The reason your USB drives are faster than the traditional Hard drives
it is because USB pen drives are SSD's.
Solid-state drive
http://en.wikipedia.org/wiki/Solid-state_drive
-
TAS
http://twitter.com/p0wnsauc3
rahul sasi
Oct 30, 2010, 7:27:07 AM10/30/10
to null-...@googlegroups.com
@wasim thanks for the share.
@webd3vil I very well know what LM and NT hashes are, and the article just stated that it was working comparatively faster than other crackers and we all were appreciating that. And just a small feedback, it would be a lot better if you could be less sarcastic in the way you replay.
webDEViL
Oct 31, 2010, 4:03:41 AM10/31/10
to null-...@googlegroups.com
See, you suddenly desist from what you have already said.
Anyways let me explain why it really is not worth it
Ok, let's assume you are cracking a 14 char NTLM password
There are 94 printable ascii chars, a permutation of 14 from 94
>>> permu = math.pow(94,14)
>>> print permu
4.2052319016987428e+27
No assume your cracker runs at 300 billion passwords per second
(as per the article)
>>> time = permu/300000000000
>>> print time
14017439672329142.0
So it will take 14017439672329142.0 seconds to crack the password.
Let's get it into a more readable format.
>>> time/(60*60*24*365)
444490096.15452629
It will take 444 million years to crack the NTLM hash.
Similar is the case for the rainbow tables size.
On a personal note, I don't like ridiculing people.
I do it when people falsely claim that my claim was false.
On Sat, Oct 30, 2010 at 4:57 PM, rahul sasi <lovera...@gmail.com> wrote:
@wasim thanks for the share.
@webd3vil I very well know what LM and NT hashes are, and the article just stated that it was working comparatively faster than other crackers and we all were appreciating that. And just a small feedback, it would be a lot better if you could be less sarcastic in the way you replay.
--
Reply all
Reply to author
Forward
0 new messages