Cracking windows passwords in 5 seconds Jul 22 2003 08:37PM
bugtraq oechslin net

As opposed to Unix, Windows password hashes can be calculated in advance
because no salt or other random information is involved. This makes
so-called time-memory trade-off attacks possible. This vulnerability is not
new but we think that we have the first tool to exploit this.

At LASEC (lasecwww.epfl.ch) we have developed an advanced time-memory
trade-off method. It is based on original work which was done in 1980 but
has never been applied to Windows passwords. It works by calculating all
possible hashes in advance and storing some of them in an organized
table. The more information you keep in the table, the faster the
cracking will be.

We have implemented an online demo of this method which cracks
alphanumerical passwords in 5 seconds average (see
http://lasecpc13.epfl.ch/ntcrack). With the help of 0.95GB of data we can
find the password after an average of 4 million hash operations. A brute
force cracker would need to calculate an average of 50% of all hashes,
which amounts to about 40 billion hashes for alphanumerical passwords
(lanman hash).

More info about the method can be found in a paper at


Philippe Oechslin
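
The precomputation idea described in the post, as an added toy illustration: it is not part of the original message and not LASEC's implementation. It assumes SHA-256 over 4-digit PINs as a stand-in for an unsalted hash, and every name in it is hypothetical; it shows that a table storing only chain endpoints inverts unsalted hashes, while a per-account salt makes the same table useless.

```python
import hashlib

KEYSPACE = 10_000   # constructed toy space: 4-digit PINs "0000".."9999"
CHAIN_LEN = 20      # hash/reduce steps per chain
STARTS = [f"{i:04d}" for i in range(0, KEYSPACE, 25)]  # 400 chain starts

def unsalted(pw: str) -> bytes:
    # Stand-in for an unsalted hash: same password, same digest, everywhere.
    return hashlib.sha256(pw.encode()).digest()

def salted(pw: str, salt: bytes) -> bytes:
    # Mitigation: the digest now depends on a per-account random value.
    return hashlib.sha256(salt + pw.encode()).digest()

def reduce_digest(digest: bytes, col: int) -> str:
    # Map a digest back into the keyspace; col varies the mapping per column.
    return f"{(int.from_bytes(digest[:8], 'big') + col) % KEYSPACE:04d}"

def chain_end(pw: str, col: int = 0) -> str:
    # Walk a chain from column `col` to its endpoint.
    for c in range(col, CHAIN_LEN):
        pw = reduce_digest(unsalted(pw), c)
    return pw

def build_table() -> dict:
    # Store only endpoint -> start points; intermediate values are discarded.
    table = {}
    for start in STARTS:
        table.setdefault(chain_end(start), []).append(start)
    return table

def lookup(table: dict, target: bytes):
    # Guess the column the target sits in, walk to the endpoint, then replay
    # matching chains from their start to confirm a real preimage.
    for col in range(CHAIN_LEN - 1, -1, -1):
        end = chain_end(reduce_digest(target, col), col + 1)
        for start in table.get(end, []):
            pw = start
            for c in range(CHAIN_LEN):
                if unsalted(pw) == target:
                    return pw
                pw = reduce_digest(unsalted(pw), c)
    return None

if __name__ == "__main__":
    table = build_table()
    print("stored chains:", len(STARTS), "of", KEYSPACE, "possible PINs")
    print("unsalted:", lookup(table, unsalted("0025")))
    print("salted:  ", lookup(table, salted("0025", b"per-account-salt")))
```

Longer chains shrink the table and lengthen each lookup, which is the trade-off the post refers to; a salted scheme would need a separate table per salt value.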
