Bugtraq mailing list archives
Re: BoS: NT Password Cracker
From: nihil () onyx infonexus com (nihil () onyx infonexus com)
Date: Mon, 18 Nov 1996 18:28:10 -0800
A recent thread has occurred on the NT security mailing list about this (ntsecurity () iss net). It is time to bring the truth to light: It is quite infeasible to do a full key space search to recover *any possible* password that is valid on an NT system.

MWC's recovery service most likely involves installing a trojan horse service that replaces a non-critical service running under the system account. At reboot the trojan service makes a new admin level account with a known password. The administrator's password is then reset to a known value. The wording in MWC's advertisement is ambiguous. If the file permissions are set securely, all that has to be done is move the hard drive to a different machine. Check MWC's web page, and you will see that they are promoting this kind of solution, they just don't come out and say it directly.

Nobody should be worried about NT passwords being easier to crack, they aren't (if the question is about whether or not they are crackable at all, that is a different story). Bad passwords equal easy cracks, good passwords equal the time to brute force the DES or MD4 key space (or for a 50% chance yield, the square root method suggested by Biham I believe). What this should be is an example of what physical access can gain.

nihil