[Timesink]

"Fascinating."

[Cold Heat]

Great News! [sarc]

[Jhoffa_]

...

[meyer]

This would be more useful if I knew what a "lanmanager hash" was. They want information from me that I don't even have, let alone am willing to give out. So what's the catch - you give them a code, they decode it for you?

[general_re]

This is almost completely useless as an exploit.

[Southack]

Oh please. All you need is the emergency boot disk to have access to the whole Windows system sans password.

[Ramius]

This isn't an exploit. It's a cute sophomore computer science programming exercise.

[Russian Sage]

Assuming the numbers in the article...

This only speeds things up by a factor of 10,000, so a brute-force attack would only take about 14 hours.  That may seem much longer but a password that can be brute-force cracked in 14 hours stinks big time  And since the attacks can be done away from the target computer, what's the hurry?

Salting passwords does slow down the storage/time tradeoff attacks, but does zilch against the brute-force attack - the same password still takes only 14 hours to crack against Unix.

Does anyone know how much salt Unix uses these days? It believe it used to be only 12 bits. If that is the case now, 12 bits of salt only retard things by a factor of 4096. That could be a crack in 6 hours instead of 5 seconds with the same storage,  a crack in 5 seconds with about 4000 GB, or a crack in 100 seconds with only about 200GB.

There is no technology to make a short password secure. Use a long password whether or not they make you.

[amarok]

bump

[AppyPappy]

We have implemented an online demo of this method which cracks alphanumerical passwords in 5 seconds average

Except we only allow 3 bad passwords in a row. Sorry

[TravisBickle]

Does this mean my wife will be able to find my porn?

Techies, anyone?

[tutstar]

bttt

[jriemer]

Dude, that's some powerful hash!