Ophcrack and Windows passwords

As mentioned before, rainbow tables are a mechanism that can be used to reverse hash functions, revealing information that was intended to be hidden. For instance, they can take the hashed contents of a Windows password file and turn them into a password you can use. This limitation largely exists because Windows does not use the technique of ‘salting,’ which would make rainbow tables unmanageably large. Unix-based operating systems, like Mac OS X, have been salting passwords since the 1970s.

Ophcrack is a piece of free software that exploits precisely this vulnerability. As explained here, it comes as a bootable CD, which can be used to circumvent the password on a Windows XP, Vista, or 7 computer.

Among other things, this means that having a password-protected user account isn’t an adequate way to protect your data from anyone who can get their hands on your computer: from customs agents to burglars. If you have anything sensitive in there, it would be sensible to further protect it with some strong encryption.

Author: Milan

In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford. Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.

One thought on “Ophcrack and Windows passwords”

  1. Incidentally, the poor manner in which Windows handles passwords makes even relatively strong passwords easy to compromise:

    “One example is the LM hash that Microsoft Windows XP and previous uses by default to store user passwords of less than 15 characters in length. LM hash converts the password into all uppercase letters then breaks the password into two 7-character fields which are hashed separately—which allows each half to be attacked individually.”

    Password cracking
    From Wikipedia, the free encyclopedia

Leave a Reply

Your email address will not be published. Required fields are marked *