On 13 March 2010 09:58, Gordon Henderson <gordon+dcglug@xxxxxxxxxx> wrote:
> On Fri, 12 Mar 2010, Simon Waters wrote:
>
>> Gordon Henderson wrote:
>>>
>>> and it gave me the password in about 2 seconds flat.
>>>
>>> So that about wraps it up for windows passwords.
>>
>> But if this attack is only 100 times faster you've only gone from
>> minutes to seconds. If it only took minutes before it wasn't exactly
>> secure.
>
> I think their use of SSD technology to store and give high-speed access to
> the database was interesting - however it means that cracking an entire
> server's worth of passwords is feasible - in seconds to minutes rather than
> hours now.
>
> I don't actually know how the password-file is stored on a Win server
> though, but for a Samba server it's there and fairly easy to get.

I know in XP it's stored in a SAM file, would expect that to be the same for all NT based Windows. After all, Security isn't as important as fancy eyecandy so it all looks new!

>
> I was somewhat surprised when it cracked a 14-character random password I
> used to test it with - in about 2 seconds!
>
> The "salt" in our unixy passwords is going to keep them safe from rainbow
> table cracking - for a short while anyway!
>
> Gordon
>
> --
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
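
Why a per-account salt defeats a precomputed table, as an added example that is not part of the original thread. It assumes SHA-256 as a stand-in for any unsalted fast hash and PBKDF2 for salted storage; the user names, passwords and candidate list are constructed.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for what a precomputed table covers.
CANDIDATES = ["letmein", "password1", "Tr0ub4dor", "correcthorse"]

def unsalted_hash(password):
    # Assumption: SHA-256 stands in for an unsalted, fast password hash.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt, iterations=100_000):
    # Per-account salt plus a deliberately slow key-derivation function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def build_table(candidates):
    # Computed once, then reusable against every account on every server.
    return {unsalted_hash(p): p for p in candidates}

def lookup_all(table, stored):
    # stored maps user -> hash; returns user -> recovered password or None.
    return {user: table.get(digest) for user, digest in stored.items()}

def verify(password, record):
    # A legitimate login recomputes the hash with the stored salt.
    salt, digest = record
    return hmac.compare_digest(salted_hash(password, salt), digest)

def demo():
    users = {"alice": "letmein", "bob": "letmein", "carol": "Tr0ub4dor"}
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {}
    for u, p in users.items():
        salt = os.urandom(16)  # fresh random salt per account
        salted[u] = (salt, salted_hash(p, salt))
    table = build_table(CANDIDATES)
    return {
        "unsalted_hits": lookup_all(table, unsalted),
        "salted_hits": lookup_all(table, {u: d for u, (_, d) in salted.items()}),
        "unsalted_equal": unsalted["alice"] == unsalted["bob"],
        "salted_equal": salted["alice"][1] == salted["bob"][1],
        "login_ok": verify("letmein", salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The salt does not make a weak password strong: it only forces the work to be redone per account instead of once for everyone.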