• CNET NEWS.COMCracking Windows passwords in seconds. If your passwords consist of letters and numbers, beware.

    Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds.

    The method involves using large lookup tables to match encoded passwords to the original text entered by a pereson, thus speeding the calculations required to break the codes. Called a time-memory trade-off, the situation means that an attacker with an abundance of computer memory can reduce the time it takes to break a secret code.

    The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET

    “Windows passwords are not very good,” he wrote. “The problem with Windows passwords is that they do not include any random information.”  [Privacy Digest]

  • Leave a comment