Date: 02/25/06 (Microsoft Windows)    Keywords: web

I recently posted a how-to on my webpage, detailing five easy steps to crack windows passwords. This isn't news - it's a widely known procedure.

However, one thing that bugged me was how quickly one can brute-force relatively secure passwords. Using the meathod described on that page, I was able to break the passwords “pr1ntm3!” and “c1g@r3tt3s@reb@d” in under 5 hours. I don’t even want to think about how fast one can crack passwords that don’t use symbols or numerals.

Does anyone have any thoughts about this? I’ve always accepted that physical access to a machine is the equivilant to compromising that machine; one can always boot into safe mode, or run a liveCD. However, actually figuring out passwords is a whole nother story: many people use similar, or identical passwords, for many different logins.

I’m just curious to hear what other people thing about this sort of thing.

Source: http://community.livejournal.com/ms_windows/60302.html