Windows Passwords Cracked in Record Time
Exposing a weakness in Windows encryption technology, Swiss researchers have published a paper detailing how to crack Windows computers protected by alphanumeric passwords in an average of 13.6 seconds.
The paper’s lead author, Philippe Oechslin, told NewsFactor that his research is not specifically about Windows software. “I’m looking for encryption systems where there is no random information for security encryption,” he said. He explained that Unix, Linux and Mac OS X use an initialization vector, also known as “salt,” which can have 4,096 values, making cracking much more difficult.
“On Windows, unfortunately, the two versions of password hashes (encoding technology) they use don’t have salt, so we can precalculate all of them,” Oechslin said.
I have to say, this surprises me. I have to ask anyone can honestly use a system with a risky security model in any kind of secure or mission-critical environment. I’m not sure with how one would exploit this, but it stands to reason tools based on these finding will soon be available at a warez site near you.