“Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds,” reports Robert Lemos for CNET News.com.
“The results highlight a fact about which many security researchers have worried: Microsoft’s manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com,” Lemos reports. “‘Windows passwords are not very good,’ he wrote. ‘The problem with Windows passwords is that they do not include any random information.’” Full article here.
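The remark that Windows passwords "do not include any random information" is about salting, and the following added example (not code from the article, the paper or Microsoft) shows the difference it makes to a precomputed table. SHA-256 stands in for the Windows hash, and the function names, work factor and sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password):
    # Stand-in for a scheme with no random input (SHA-256, not the Windows hash).
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    # A fresh random salt per account makes every stored value unique.
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_salted(password, salt, digest):
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def build_lookup(candidates):
    # Computed once; valid against every unsalted hash ever stored.
    return {unsalted_hash(c): c for c in candidates}


def recovered_by_table(accounts, lookup):
    # accounts maps user -> stored unsalted hash; recovery is one dict lookup each.
    return {u: lookup[h] for u, h in accounts.items() if h in lookup}


if __name__ == "__main__":
    # Constructed sample data, not taken from any real system.
    table = build_lookup(["letmein", "Summer2003", "qwerty"])
    accounts = {u: unsalted_hash(p) for u, p in
                [("alice", "Summer2003"), ("bob", "Summer2003"), ("carol", "x9!Lq#27")]}
    print("unsalted, found in table:", recovered_by_table(accounts, table))

    salt_a, dig_a = salted_hash("Summer2003")
    salt_b, dig_b = salted_hash("Summer2003")
    print("same password, same salted digest?", dig_a == dig_b)
    print("salted digest in table?", dig_a.hex() in table)
    print("verifies with its own salt?", verify_salted("Summer2003", salt_a, dig_a))
```

Without a salt, the table is built once and reused against every account on every machine; with a per-account salt, the same work would have to be repeated for each stored hash.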
Last Wednesday Microsoft acknowledged a critical vulnerability in nearly all versions of its flagship Windows operating system software two days after the U.S. Department of Homeland Security said it had awarded a five-year, $90 million enterprise agreement to Microsoft Corp to become the department’s primary technology provider.
Now, don’t you U.S. residents feel safer?
Oh, yeah, I’m feeling real safe – I have an iBook! Not so lucky at work, though, where I have no choice but to use a peecee… our IT folks will just chalk it up as insignificant and go about their merry way telling us that they “don’t have time to support” Macs – what a hoot!
HAHAHAHA
that is a funny story
OK, before you all start to laugh at Windows, you should realise that it is as bad or even worse on Mac OS X.
On Windows, Linux, FreeBSD, Solaris, NetBSD, OpenBSD, ... you need to be administrator to get to the hashed passwords. On Mac OS X, any user can type in nidump passwd . and run John the Ripper. It takes a while, but any user can get administrator access if they want.
To top it off, it uses an old hashing algorithm, DES, that only looks at the first 8 characters. Also, John is very optimised for DES. Most other Unixes use MD5, some even SHA-1.
Hey “hmm”, nice try. If you are actually going to try to make the case that Mac OSX is easier to crack than any version of Windows, then you are truly smoking crack. Move along, troll.
I dare you, log in as a normal user, type “nidump passwd . > passwordfile”. Download and set up John the Ripper, and run it on that file on a fast computer. You’ll get the passwords from the administrator and other users soon enough.
I’m not saying that Mac OS X is easier to crack than Windows. I’m just saying that the password security in Mac OS X is not something to be proud of.
“Now, don’t you U.S. residents feel safer?”
Glad I don’t live in the US……
RE: “hmm”
WRONG!!
I tried it. I created several users with different passwords. The UNIX command is valid but it does not return the actual password. It just informs you if a password exists (tcsh) or not (null). I was logged in as an admin and it showed no passwords. Perhaps you can use the list of users to some advantage.
But “hmm” failed to tell you that to get to that point, YOU MUST LOG IN FIRST!! You can’t get access to the computer’s UNIX terminal unless you know the password and name of a user. In that case, you don’t need to get a list of passwords. YOU CANNOT GET ACCESS TO A MAC FROM THE OUTSIDE!
This is a far cry from using a Microsoft system where the recent security holes allow OUTSIDERS not only to view your system files but also CONTROL your system!!
Granted, I did not use “John the Ripper” to try all of the combinations and permutations of possible passwords, but I use ONLY strings of special characters such as “??�����?�?��?”. According to my math, it would take a program like Ripper over 100 years to find my password if it tries 100 passwords per second, AND IF they had access to my system, AND IF it tries special characters, AND IF I don’t change it in 100 years.
Tip…
How do I remember such a string of characters as a password?
Easy – just type your normal password but hold down the “Alt” and/or “Alt with Shift”. I just take an easy nonEnglish string like an address “100mainst60123” but enter it with the Alt held down. This example results in the password “�??���?��?��” . Personally, I use a combination of “Alt” and “Alt with Shift” in the same password.
I don’t care if someone sees my password over my shoulder, they’ll never be able to remember and type it.
Note: With Microsoft’s attempt at being the LEAST SECURE computer system, it does NOT support special characters as passwords. If you try this on a Microsoft, it ignores the Alt key and your password is the same as if you had not held it down. As such, by simply using a few special characters (try a foreign language!) on your Apple, there is no way a Microsoft user, nor a lame hacker program, can access into your Mac.
Macs ARE the most secure system!!
Password cracking is much easier than ever before. Just boot your PC from PCUnlocker Live CD and it enables you to crack Windows password in no time.
http://www.top-password.com/reset-windows-password.html
I have used it on both my laptop and desktop computers and it really works!