(Ted Harding) wrote:
Hi again, folks. This is a sort of follow-up to the Syleham gathering, since as I started to drive home after the meeting a programme "Hacked to Pieces" had just started on Radio 4.
<snip>
I'd be interested to hear if any of you folks have comments on the above!
I would expect it to be quite possible. I haven't done any password cracking since 1995, so I hope things have moved on since then, but I was able to get a password 8-12 characters long in about 30 seconds. This was on a Unisys A16 mainframe. I had the advantage that, even though the encryption was one way, I knew that the algorithm used processed a password left to right. So as I passed a single character into the routine, the resulting encryption got "closer" to the target encrypted password. This would give me the first letter. I then only had to try each 2nd character to get closer still. That is, the leftmost characters were more significant in producing the encrypted form. So I would get a working password[1] in only 12*36 passes, where 12 was the max length and there were 36 characters available for the password [A-Z, 0-9].
I have no idea how passwords are encrypted on Windows machines, but I would not be surprised if they still get processed left to right.
[1] e.g. if the actual password was "ab21cd43ef65", there would be others that were similar that gave the same encrypted form, like "ab21cd43ebl0" (I just made them up, so don't look for any algorithm).
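The attack described in the reply above, as an added worked example that is not part of the original thread. The Unisys A16 algorithm is not described on the page, so the "encryption" here is a constructed toy: it consumes the password left to right with geometrically decreasing positional weights, so the leftmost characters dominate the result, and its per-character map is deliberately lossy so that distinct passwords collide exactly as footnote [1] describes. Everything in the block (the alphabet, the 12-character maximum, the weight ratio, the function names) is an assumption chosen to reproduce the behaviour the post reports: a working password in at most 12*36 guesses rather than 36**12.

```python
import string

# Constructed toy model of a left-to-right, prefix-leaking password "encryption".
# Not the Unisys A16 routine (not described on the page) and not any real scheme.
ALPHABET = string.ascii_uppercase + string.digits   # the 36 characters [A-Z, 0-9]
MAXLEN = 12                                          # maximum password length
BASE = 64                                            # ratio between adjacent position weights


def char_value(c):
    """Lossy per-character mixing (assumed): 36 characters map onto only 31 values,
    so e.g. 'O' and '0' are indistinguishable to the hash."""
    return (ord(c) * 3) % 31


def toy_hash(password):
    """Position i contributes char_value(c) * BASE**(MAXLEN-1-i), so the leftmost
    character is worth more than every later character combined."""
    h = 0
    for i, c in enumerate(password):
        h += char_value(c) * BASE ** (MAXLEN - 1 - i)
    return h


def closeness(h, target):
    """How 'close' a candidate's hash is to the target (smaller is closer)."""
    return abs(h - target)


def greedy_crack(target, oracle=toy_hash):
    """Recover a password that hashes to `target`, one position at a time.

    The tail (all later positions together) is worth less than half of one step
    at the current position, so the candidate whose hash is nearest the target
    is always one carrying the correct char_value for that position.  Cost is
    therefore at most MAXLEN * len(ALPHABET) guesses instead of
    len(ALPHABET) ** MAXLEN.  Ties between colliding characters are resolved
    in ALPHABET order, which is why the result may be a *working* password
    rather than the original one.  Returns (working_password, guesses).
    """
    prefix = ""
    guesses = 0
    for _ in range(MAXLEN):
        best = min(ALPHABET, key=lambda c: closeness(oracle(prefix + c), target))
        guesses += len(ALPHABET)
        prefix += best
        if oracle(prefix) == target:   # shorter passwords finish early
            break
    return prefix, guesses


if __name__ == "__main__":
    for real in ("AB21CD43EF65", "HELLO2024"):   # constructed sample passwords
        found, guesses = greedy_crack(toy_hash(real))
        print(f"{real!r} -> recovered {found!r} in {guesses} guesses; "
              f"same hash: {toy_hash(found) == toy_hash(real)}")
```

Running it shows both effects from the post: the recovered string always hashes to the target, the cost is bounded by 12*36 = 432 guesses, and for "HELLO2024" the attack returns "HELLOQOQS", a different string with the same hash, because 'O'/'0', 'Q'/'2' and 'S'/'4' collide under the toy map. The property that makes this possible is simply that partial inputs produce outputs measurably closer to the target; any real scheme that exposes such a signal, whatever its internals, falls to the same per-position search.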