
All in a day's work: Password cracking for the rest of us

Abstract

The majority of computer systems are still protected primarily with a user name and password, and many users employ the same password on multiple systems. Additionally, some of the most popular operating systems, such as Windows XP, Windows Vista and the upcoming Windows 7, still use ad-hoc constructed hash functions such as LM, while many Linux variants use the broken hash function MD5. This paper describes an experiment where we have tested the strength of a selection of passwords when converted to LM, NT and MD5 hashes, respectively, using commonly available tools. Our conclusion is that a large number of passwords can be cracked within a normal working day, and that all LM hash passwords can be recovered before morning coffee. The use of such weak hash functions in the process of user authentication in these operating systems poses a significant threat to an organization's security.

Category

Academic chapter

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software Engineering, Safety and Security
  • Norwegian University of Science and Technology

Year

2009

Publisher

Tapir Akademisk Forlag

Book

Norsk informasjonssikkerhetskonferanse : NISK 2:2009 : NTNU, Trondheim 24.-25. november 2009

ISBN

9788251924924

Page(s)

69 - 83
