Security Basics mailing list archives

Re: How Windows Password Cracking Programs Work


From: chris () learnsecurityonline com
Date: 26 Jul 2006 03:45:52 -0000


My question about Windows password cracking programs has to do with how these programs work.

Is it correct that they do not crack a password one character at a time? 

That is, the password cracking programs aren't able to determine that they have cracked the first character, or the 
first two or first three characters?

That is incorrect. Windows password cracking programs check to see if the password hash matches the one the password 
cracking program is currently trying. If it matches, then it knows what the password is.

Also, is it correct that password cracking programs aren't able to determine - ahead of time - how long a Windows 
password is?

That is sort of true. If the password is less than 8 characters, for LM stored hashes the program can tell, and if it 
is greater than 14 characters the password will be stored as NTLM, but it can't tell that it is, say, 18 characters.

More info can be found in a paper I wrote, available here:
http://www.windowsecurity.com/whitepapers/Rainbow_Tables__RainbowCrack_Introduction1614.html

Chris


Chris Gates, CISSP
C|EH, CPTS, MCP 2003, A+, Network+, Security+

Web:        https://www.learnsecurityonline.com

Learn Security Online, Inc.

* Security Games        * Simulators
* Challenge Servers     * Courses
* Hacking Competitions  * Hacklab Access
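
The length point in the reply above, as an added example that is not part of the original post: an audit helper that reports what the LM field of each account reveals and which accounts still have an LM hash stored. It assumes pwdump-style `user:rid:lm:nt:::` lines; the function names are hypothetical and the sample hashes are constructed, not hashes of real passwords.

```python
# Added example (not from the original post). LM pads the password to 14
# characters and hashes each 7-character half independently, so an empty half
# always yields the same well-known value.
EMPTY_LM_HALF = "aad3b435b51404ee"
HEX_DIGITS = set("0123456789abcdef")


def classify_lm(lm_hex):
    """Return what the LM field alone reveals about the password length."""
    lm = lm_hex.strip().lower()
    if len(lm) != 32 or not set(lm) <= HEX_DIGITS:
        return "invalid"
    first, second = lm[:16], lm[16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        # Blank password, LM storage disabled, or more than 14 characters:
        # only the NT hash is usable and it says nothing about length.
        return "no-lm"
    if second == EMPTY_LM_HALF:
        return "short"  # second half empty: fewer than 8 characters
    return "8-14"       # both halves populated


def audit(dump_text):
    """Parse pwdump-style lines (assumed format) into (user, class) pairs."""
    results = []
    for line in dump_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not fields[0]:
            continue  # skip blank or malformed lines
        results.append((fields[0], classify_lm(fields[2])))
    return results


def lm_exposed(dump_text):
    """Accounts that still have an LM hash stored (remediation targets)."""
    return [user for user, cls in audit(dump_text) if cls in ("short", "8-14")]


# Constructed sample dump: hex values are placeholders, not real hashes.
SAMPLE_DUMP = """
alice:1001:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdeffedcba9876543210:ffeeddccbbaa99887766554433221100:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
"""

if __name__ == "__main__":
    for user, cls in audit(SAMPLE_DUMP):
        print(f"{user}: {cls}")
```

Accounts reported by `lm_exposed` are the ones to move off LM storage, for example by enabling the `NoLMHash` policy and having the users change their passwords.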
