root password
Smoot Carl-Mitchell
smoot at tic.com
Wed Aug 22 03:13:35 UTC 2007
On Wed, 2007-08-22 at 10:24 +1000, Michael James wrote:
> Linux is very different to Windows where the passwords are only obscured.
> I booted a Windows PC I bought off a rescue tool called "ophcrack?"
> and it happily decrypted all the passwords including administrator.
The weakness in Windows NTLM authentication was twofold. First, there
were only 40-bit hashes in some early systems and there was no "salt".
Without a "salt" every unique password only has a single hash
equivalent. So it was relatively easy to take dictionary words and
create a precomputed hash table. Later versions of Windows
authentication are far more secure, especially with Active Directory's
use of Kerberos authentication. It is still true that if you can get a
hold of the NTLM password hashes, it is fairly easy to crack passwords.
--
Smoot Carl-Mitchell
System/Network Architect
email: smoot at tic.com
cell: +1 602 421 9005
home: +1 480 922 7313
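
Added example, not part of the original post: a small audit sketch showing why a missing salt matters when reviewing a credential store. It assumes SHA-256 as a stand-in for an unsalted scheme (it is not the NT hash algorithm) and PBKDF2 as the salted form; the accounts, word list and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def unsalted_hash(password: str) -> str:
    # Stand-in for an unsalted scheme (assumption: SHA-256, not the NT hash).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def salted_hash(password: str, salt: bytes, rounds: int = 100_000) -> str:
    # Salted and iterated: the stored value depends on a per-account salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds).hex()

def build_table(words):
    # One precomputation pass, reusable against every unsalted store.
    return {unsalted_hash(w): w for w in words}

def lookup_hits(table, store):
    # Accounts whose stored value appears in the precomputed table.
    return {user: table[h] for user, h in store.items() if h in table}

def shared_hashes(store):
    # Audit check: identical stored values across accounts mean no per-account salt.
    seen = {}
    for user, h in store.items():
        seen.setdefault(h, []).append(user)
    return sorted(sorted(users) for users in seen.values() if len(users) > 1)

def verify(password: str, salt: bytes, stored: str) -> bool:
    # Constant-time comparison of the recomputed salted hash.
    return hmac.compare_digest(salted_hash(password, salt), stored)

# Constructed sample data (hypothetical accounts and word list).
WORDS = ["letmein", "sunshine", "dragon"]
ACCOUNTS = {"alice": "sunshine", "bob": "sunshine", "carol": "x9$Lq-not-a-word"}

UNSALTED_STORE = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
SALTS = {u: os.urandom(16) for u in ACCOUNTS}
SALTED_STORE = {u: salted_hash(p, SALTS[u]) for u, p in ACCOUNTS.items()}
TABLE = build_table(WORDS)

if __name__ == "__main__":
    print("unsalted, table hits:", lookup_hits(TABLE, UNSALTED_STORE))
    print("unsalted, shared hashes:", shared_hashes(UNSALTED_STORE))
    print("salted, table hits:", lookup_hits(TABLE, SALTED_STORE))
    print("salted, shared hashes:", shared_hashes(SALTED_STORE))
```

In the unsalted store the two accounts with the same password share one stored value and both fall to the single precomputed table; in the salted store neither check finds anything, while `verify` still accepts the correct password.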