Thursday, July 24, 2003

Cracking Windows passwords in seconds
If your passwords consist of letters and numbers, beware.
Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds.

The method involves using large lookup tables to match encoded passwords to the original text entered by a person, thus speeding the calculations required to break the codes. Called a time-memory trade-off, the approach means that an attacker with an abundance of computer memory can reduce the time it takes to break a secret code.

The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com.

"Windows passwords are not very good," he wrote. "The problem with Windows passwords is that they do not include any random information."

Oechslin outlined a way to take advantage of that lack of randomness on Tuesday when he published a paper and a Web demonstration of the technique. The research builds on previous work showing that encryption algorithms can be sped up with the help of large lookup tables. Increasing the size of the lookup tables reduces the amount of time, on average, that it takes to search for a password.
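The point about missing randomness can be shown in a few lines. The following is an added example, not code from the paper or the article: it uses SHA-256 as a stand-in for a saltless password hash (not the Windows algorithm), a full lookup table (the memory-heavy extreme of the trade-off), and a constructed four-entry candidate list. It contrasts that with a salted, iterated hash, where the same precomputed table no longer matches anything.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for "all alphanumeric passwords".
CANDIDATES = ["summer03", "Passw0rd", "abc123", "letmein1"]

def unsalted_hash(password: str) -> bytes:
    """Saltless hash: the same password yields the same digest for every user."""
    return hashlib.sha256(password.encode()).digest()

def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256): digest depends on a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def build_table(candidates):
    """Precompute digest -> password once; the table is reusable against any saltless digest."""
    return {unsalted_hash(p): p for p in candidates}

def new_record(password: str):
    """What a defender stores: a fresh random salt and the salted digest."""
    salt = os.urandom(16)
    return salt, salted_hash(password, salt)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)

def demo():
    table = build_table(CANDIDATES)
    # Two users who happen to choose the same password.
    alice_plain, bob_plain = unsalted_hash("abc123"), unsalted_hash("abc123")
    alice_salt, alice_stored = new_record("abc123")
    _bob_salt, bob_stored = new_record("abc123")
    return {
        "unsalted_identical": alice_plain == bob_plain,
        "table_hit_unsalted": table.get(alice_plain),
        "salted_identical": alice_stored == bob_stored,
        "table_hit_salted": table.get(alice_stored),
        "verify_ok": verify("abc123", alice_salt, alice_stored),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a 16-byte random salt, a precomputed table would have to be rebuilt for each stored record, which removes the benefit of trading memory for time.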

The researcher used a 1.4GB lookup table and a single computer with an AMD 2500+ processor and 1.5GB RAM to offer people a way to test the process online.

http://lasecpc13.epfl.ch/ntcrack/

http://zdnet.com.com/2100-1105_2-5053063.html
