Privacy & Data Security
|Aug 29, 2003 2:37 am
||re: Windows passwords cracked in 13.6 seconds
| Ken Seefried
|| > Tamas Hevizi wrote:
> Interesting post on CNET on how Windows passwords can be cracked between 13 seconds and 1min 46 seconds.
To be fair, Windows passwords have never been that terribly difficult to crack (see l0phtcrack), this "new" technique is really just a clever application of the well worn dictionary attack, and as described it only works on particular types of passwords (alphanumeric).
Bottom line is that good passwords are always important, and bad passwords are generally easy to crack. Always toss in a few non-alphanumeric characters.
Here's a hint I give: Use a movie line as a password, but pick the first charaters, and mix things up a bit.
Clint Eastwood in Dirty Harry: So. Do you feel luck, punk?
This results in a very, very good password that is easy to remember but terribly hard for the crackers to recover. You can improve it further by doing the l33t thing and substitute 0 for o, 1 for l, 3 for e, etc.
Ken Seefried, CISSP
Private Reply to Ken Seefried (new win)