RE: question regarding SAM file / l0phtcrack / pwdump2
From: Gallant, Dwain (EXP) (dwain.gallant@lmco.com)
Date: 12/19/01
- Previous message: Laura A. Robinson: "Re: mac client password changes"
- Maybe in reply to: Mike Shaw: "question regarding SAM file / l0phtcrack / pwdump2"
- Next in thread: Farid Schuda: "RE: question regarding SAM file / l0phtcrack / pwdump2"
Date: Wed, 19 Dec 2001 13:35:53 -0500
From: "Gallant, Dwain (EXP)" <dwain.gallant@lmco.com>
To: Evan Mann <emann@questinc.org>, focus-ms@securityfocus.com
Interesting read: Enabling Strong Passwords on Windows 2000 (a registry
entry and a reboot)
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q225230
Dwain
-----Original Message-----
From: Evan Mann [mailto:emann@questinc.org]
Sent: Tuesday, December 18, 2001 5:52 PM
To: focus-ms@securityfocus.com
Subject: RE: question regarding SAM file / l0phtcrack / pwdump2
I went ahead and got PWDUMP and l0phtcrack and ran it on my SAM. After
dumping my entire SAM, which took all of 2 seconds, I ran through l0phtcrack
v3.0. In UNDER 5 seconds, a good 75% of my users' passwords were cracked.
Increase time to 1 1/2 min and 95%. I'm up to 12 mins run time now and
there's very very few users it hasn't discovered.
So now that I see with my own eyes what a joke it would be to get into my
network with a simple SAM dump, what advice do you offer for fixing these
problems?
Yes, 95% of the users' passwords are < 8 characters, and many of them either
all numbers or all words. So I see one easy way is to make a minimum length
of 8-10 char with combo of letters/#'s.
What else?