Cracking Passwords

GWguy

GWguy

*
Now that you're all looking here to see how to do it, sorry. This is an excerpt from an internal communication that I thought was interesting...

DID YOU KNOW?
A recent study found that fast or dual processor PCs can crack 10,000,000 eight-character passwords per second and that workstations (or multiple PCs working together) can crack 100,000,000 per second. It takes 83 ½ days for a medium-to-large scale, distributed computing system to crack an eight-character password consisting of upper and lower case letters, numerals and symbols.
 
R

RadioPatrol

Guest
yes the old version of PGP 2.06 that was made famous in the early days of the internet is no longer secure, in that a modern PC can generate all the possible combinations for encryption for that vers. this is why encryption software has evolved

for those interested there is software available for recovering passwords on most word, excel files etc .......... will recover passwords on zip files .......

Password Recovery

and physical protection is the biggest issue, I have a bootable CD that will automatically crack all the store user account passwords on a PC - great for customers that forget / lose passwords
 
Ender

Ender

Undercover Geek
Even SHA-1 has been cracked by an asian community of geeks already. Even though encryption betters itself over the course of time, there are only condidtions and supplements that allow people to crack them within a matter of time too. Obviously, a single-computer isn't going to crack the SHA-1 algorithm within any reasonable amount of time. Though, I'm sure that the community who cracked SHA-1 was using a cluster of cell processor-powered servers and it took them about 3 and a half weeks to crack a low number of passwords.

As RadioPatrol has said (in a different way): Technology continues to advance itself, but there will always be people who are curious about doing something that is meant to be 'impossible'. =)
 
forestal

forestal

I'm the Boss of Me
Well, that would be true if the authenticating mechanism returned either a true or false result immediately upon evaluating the password, most modern mechanisms use some sort of exponential time function as a pause. As an example, the first time you enter a bad password, the system takes two seconds to return the result, the second time it takes four seconds, ad infinitum. Under such conditions, I think that even a simple password is relatively safe.

Now cracking an encrypted document is a different matter. That does not depend on the interaction with another system that the cracker has no control over.

GWguy said:
Now that you're all looking here to see how to do it, sorry. This is an excerpt from an internal communication that I thought was interesting...

DID YOU KNOW?
A recent study found that fast or dual processor PCs can crack 10,000,000 eight-character passwords per second and that workstations (or multiple PCs working together) can crack 100,000,000 per second. It takes 83 ½ days for a medium-to-large scale, distributed computing system to crack an eight-character password consisting of upper and lower case letters, numerals and symbols.
Click to expand...
 
Last edited:
R

RadioPatrol

Guest
forestal said:
Well, that would be true if the authenticating mechanism returned either a true or false result immediately upon evaluating the password, most modern mechanisms use some sort of exponential time function as a pause. As an example, the first time you enter a bad password, the system takes two seconds to return the result, the second time it takes four seconds, ad infinitum. Under such conditions, I think that even a simple password is relatively safe.

Now cracking an encrypted document is a different matter. That does not depend on the interaction with another system that the cracker has no control over.
Click to expand...

True - I guessed the original study group was talking about raw processing power to generate the passwords, not actual time to process the challenge and response ....... as well as lockouts associated to bad guesses
 
dn0121

dn0121

New Member
6 missed passwords on our laptops and the encryption locks you out. Can't be open without a key CD. Check out Pointsec, now owned by Checkpoint.
 
R

RadioPatrol

Guest
dn0121 said:
6 missed passwords on our laptops and the encryption locks you out. Can't be open without a key CD. Check out Pointsec, now owned by Checkpoint.
Click to expand...

does that include physical access, like pulling the drive and sticking it in a USB HD case and accessing it that way ? just curious.
 
GWguy

GWguy

*
RadioPatrol said:
does that include physical access, like pulling the drive and sticking it in a USB HD case and accessing it that way ? just curious.
Click to expand...

The Windows level password lockout only applies to the booted windows instance. IE, you fail logon 6 times and get locked out, move the drive to another PC, and assuming no encryption, you can access the drive from a PC that you have successfully booted and logged in on.

If the encryption works the same as ours, you can put the drive in another housing/computer, but still cannot access the drive without the passkey.
 
dn0121

dn0121

New Member
That is correct, but I am trying to find a way around it. I would love to be the one to show the boss that its not as good as the company who sells it says it is lol.
 
You must log in or register to reply here.
Top