Re: Looking for a tool or utility to crack password?

From: Byron Hynes [MS] (bhynes_at_online.microsoft.com)
Date: 10/22/05


Date: Sat, 22 Oct 2005 10:08:47 -0700

If these people do not understand when the CEO sends an email that says "Your
child's name is not a complex password. Complex passwords must be used on
our network. Disregarding our security policy (available at xxxxx) will lead
to disciplinary action, up to and including termination of employment", then
why would they [a] go through the extra steps to run this utility, [b] understand
when the utility says "Your child's name is not a complex password", and
then [c] change their behavior?

Writing a tool to check the complexity rules would take me about 30 minutes
in VBScript (I'm sure a VB.NET dev could do a Windows app in about the same
time), but I'm not sure it would accomplish anything. I'm sure some unscrupulous
person would sell you a compilation of pre-created hashes, if you really
want to check against those, but most user passwords can be "cracked" by
checking pre-created hashes pretty quickly.

Byron Hynes
Windows Server
Microsoft Corporation

http://spaces.msn.com/members/byronphynes

> Hi Roger,
>
> Thanks for the reply. Maybe I did not ask the question properly. It
> will be just an interface on a laptop not connected to the network
> that the user will key in the password where the tool will demonstrate
> if the password has passed complexity else it will show that it is
> cracked within a split of a second.
>
> I do understand that we are using Kerberos protocol for password
> authentication since we are all XP and 2003 but my main concern is
> that some of our users will still not follow the rule of password
> complexity. Some of them are still using names of their children with
> some numbers for domain logon.
>
> Thks,
> Guy
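
An added example, not part of the original thread or written by either poster: a minimal offline checker of the kind discussed above, showing why a child's name with some numbers can satisfy a character-class rule and still needs a separate word-list check. The length and class thresholds, the word list, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load family names,
# company terms and a common-password list from a file.
BANNED_WORDS = {"michael", "emma", "password", "welcome"}

MIN_LENGTH = 8   # assumption, not taken from the thread
MIN_CLASSES = 3  # assumption: three of the four classes below

CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def class_count(password):
    """Number of character classes present in the password."""
    return sum(1 for rx in CLASSES.values() if rx.search(password))


def word_core(password):
    """Lower-case the password and keep only its letters,
    so 'Michael2005!' reduces to 'michael'."""
    return re.sub(r"[^a-z]", "", password.lower())


def check_password(password, account_name="", banned=BANNED_WORDS):
    """Return the reasons the password is rejected (empty list = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if class_count(password) < MIN_CLASSES:
        reasons.append("too few character classes")
    if account_name and account_name.lower() in password.lower():
        reasons.append("contains account name")
    core = word_core(password)  # substring match; short words can over-match
    if any(word in core for word in banned):
        reasons.append("built on a banned word")
    return reasons


if __name__ == "__main__":
    for pw in ["michael", "Michael2005", "tr4vel-Lamp-0range"]:
        print(pw, "->", check_password(pw, account_name="guy") or "accepted")
```

`Michael2005` clears the length and character-class rules and is rejected only by the word-list check.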

