Great, just what we need...

Published 23 July 03 11:20 AM | RWlodarczyk 
Isn't this just great... I don't think we need any more of these people out there trying to crack passwords as this article talks about.
Filed under:

Comments

# Aaron said on July 23, 2003 11:41 AM:
I think the article was hinting that perhaps Microsoft should strengthen its password-storage mechanism to match that of other professional-level operating systems...
# Robert A. Wlodarczyk said on July 23, 2003 11:55 AM:
Agreed, but it also states that the researchers openly invite people to try their method out...
# Ingo Rammer said on July 23, 2003 12:33 PM:
Well, let's not kill the messenger here - everyone can setup a 1.4 GB machine at home for nearly no cost right now.

The article is right: password hashing without salts makes life way too easy for blackhats. And if issues like this are ignored for too long, then maybe the public availability of a service which cracks passwords in 14 seconds can *finally* raise awareness.

-Ingo
# Robert A. Wlodarczyk said on July 23, 2003 2:58 PM:
Well, they are also just talking about NTLM and SAM; not native Windows 2000/Kerberos.
Anonymous comments are disabled

About RWlodarczyk

Robert has been at Microsoft since August 2003. He has worked on WPF Imaging, Media, and Effects, and Windows Vista (in the form of the Windows Imaging Component). He is currently the test lead for the Windows Imaging Component.
Page view tracker