http://news.com.com/2100-1009_3-5053063.html?tag=fd_top

I'm not posting this to discuss how to crack the passwords. Passwords are a huge security risk.
I'm posting as people do take these things seriously.
The EASIEST way into any system is BAD passwords by users. With different methodologies taking advantage of weaknesses in the Windows encryption algorithm, these passwords are even MORE important to keep DIFFICULT to crack.
Quote:
Microsoft has used two encoding schemes, also known as hashing functions, to encrypt passwords. The first, known as LANManager or LANMan, was used by Windows 3.1, 95, 98, Me and early NT systems to secure passwords that were used to connect to early Windows networks.
The LANMan scheme has several weaknesses, including converting all characters to uppercase, splitting passwords into 7-byte chunks, and not using an additional random element known as "salt." While the more recent NTHash fixes the first two weaknesses, it still does not use a random number to make the hashes more unique.
The result: The same password encoded on two Windows machines will always be the same. That means that a password cracker can create a large lookup table and break passwords on any Windows computer. Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory.
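The properties the quoted article describes, as an added example that is not part of the original post or the article: LANMan-style preprocessing collapses differently cased passwords to the same input, an unsalted digest is identical on every machine, and a 12-bit salt gives one password 4,096 possible stored digests. SHA-256 is used as a stand-in (an assumption; it is not the real LANMan or NTHash algorithm), and the function names and sample passwords are constructed for illustration.

```python
import hashlib

SALT_BITS = 12  # salt size the article gives for Unix, Linux and Mac OS X


def lanman_halves(password: str) -> tuple:
    """Preprocessing the article describes: uppercase, then 7-byte chunks.
    Passwords are limited to 14 characters and NUL-padded before the split."""
    padded = password.upper()[:14].ljust(14, "\0")
    return padded[:7], padded[7:]


def unsalted_digest(password: str) -> str:
    """No per-account randomness: same password, same digest, on any machine."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_digest(password: str, salt: int) -> str:
    """The salt is stored next to the digest and mixed into the hash input."""
    if not 0 <= salt < 2 ** SALT_BITS:
        raise ValueError("salt must fit in 12 bits")
    return hashlib.sha256(salt.to_bytes(2, "big") + password.encode("utf-8")).hexdigest()


def stored_forms(password: str) -> int:
    """Count the distinct digests one password can be stored as when salted.
    A precomputed table has to hold this many rows per candidate password."""
    return len({salted_digest(password, s) for s in range(2 ** SALT_BITS)})


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    a, b = "Summer2003", "sUMMER2003"

    # Case is discarded and each 7-byte half is processed on its own.
    print(lanman_halves(a), lanman_halves(a) == lanman_halves(b))

    # Two "machines" hashing the same password without a salt agree exactly.
    print(unsalted_digest(a) == unsalted_digest(a))

    # With a salt, two accounts sharing a password no longer share a digest.
    print(salted_digest(a, 17) == salted_digest(a, 3000))

    # 4096 stored forms per password: the table-size factor the article cites.
    print(stored_forms(a))
```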