07 October 2008

Crack Windows Passwords

Are you really sure no one can figure out your Windows password? It turns out Windows doesn't do a really good job of hiding your password.

Anyone who has access to your Windows XP/Vista machine has access to your password. It's almost fun after you learn how to do it. What do you need?

SAMInside is a great program that is also fairly quick at figuring out your password. You do need to copy some essential files first, though.

It turns out that Windows XP/Vista store passwords in a file in C:\Windows\system32\config. Two files, to be exact. The first file is named "SAM" (stands for Security Accounts Manager). A hash of your password is stored here, but it turns out the algorithm Windows uses is horrible. If your password is fewer than 14 characters, then it splits the password into two 7-character pieces. Windows tries to make this crappy method more "secure" by using some special system properties to encrypt the SAM. The exact information needed for this is stored in the second file, "SYSTEM". Once you have both of these files, SAMInside can crack alphanumeric passwords in about 3 hours.
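
Why the split matters, as an added example (not code from this post or from SAMInside): the sketch below models only the preprocessing and the resulting search-space sizes and computes no hashes. It assumes ASCII passwords and an alphanumeric alphabet, and the function names are made up for illustration.

```python
import string

# Assumption for this example: passwords are ASCII. (LM really uses the
# system OEM code page; ASCII keeps the model simple.)
MIXED_CASE = len(string.ascii_letters + string.digits)    # 62 symbols
LM_FOLDED = len(string.ascii_uppercase + string.digits)   # 36: case is lost


def lm_halves(password):
    """Return the two 7-byte blocks LM hashes separately, or None.

    None means the password is longer than 14 characters, so the split
    scheme cannot represent it and the other algorithm is used instead.
    """
    if len(password) > 14:
        return None
    padded = password.upper().encode("ascii").ljust(14, b"\0")
    return padded[:7], padded[7:]


def guesses_whole(alphabet, length):
    """Worst-case guesses when the password must be found as one unit."""
    return alphabet ** length


def guesses_lm(alphabet, length):
    """Worst-case guesses when each 7-character half is searched alone."""
    first, second = min(length, 7), max(length - 7, 0)
    return alphabet ** first + (alphabet ** second if second else 0)


def report(length):
    """Compare both search spaces for an alphanumeric password."""
    whole = guesses_whole(MIXED_CASE, length)
    split = guesses_lm(LM_FOLDED, length)
    return whole, split, whole // split


if __name__ == "__main__":
    print(lm_halves("Password123"))          # constructed sample password
    for n in (7, 8, 14):
        whole, split, ratio = report(n)
        print(f"{n:2d} chars: whole={whole:.2e} split={split:.2e} "
              f"ratio={ratio:.2e}")
    print(lm_halves("a" * 15))
```

The two halves add their search spaces instead of multiplying them, which is why a 14-character password under this scheme is only about twice as hard as a 7-character one.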

3 hours?! Ok...well maybe a bit longer for some of the weirder people that use punctuation/symbols. But does it really matter? Once a person just copies the SAM and SYSTEM files, you're screwed. Windows does make accessing these files difficult but there are really easy ways around this (boot using a different operating system for example). So what do you do?

  1. Don't let anyone else touch your computer and make sure no one does... (I guess you could do this, but I prefer #2/#3...)
  2. Make your passwords longer than 14 characters. Windows then uses a different algorithm to hash your password (it takes years/eons to crack passwords now).
  3. Disable the LM hash.

For anyone who wants more information/details on any of this, I might have another post up later (or you could just ask).
