A project conducted at the Security and Cryptography Laboratory (LASEC) in Switzerland claims to have reduced by two-thirds the number of calculations needed to mount an attack on a Windows password.

Members of LASEC have also published a so-called Instant NT Password Cracker, designed to break Windows passwords in under five seconds. A posting on LASEC’s web site said the project shows the weakness of systems like Windows that do not include random information, such as a salt or an initialization vector, in their password hashes. Details of the work are expected to be published at the Crypto ’03 security conference in Santa Barbara, California, next month.

The work suggests hackers can theoretically mount more attacks on Windows by using less data to crack users’ passwords. The news will prove uncomfortable for Microsoft.

Microsoft is still locking down security two years into its Trustworthy Computing initiative. That initiative was launched following a rash of embarrassing worm attacks that exploited vulnerabilities and backdoors in Windows.

The initiative saw Microsoft spend nearly $200m to lock down Windows Server 2003. Last week, though, the company issued a security patch for a vulnerability that not only affected Windows Server 2003 but was also present in legacy versions of Windows.

LASEC’s work, though, would appear to have thrown Microsoft a fresh challenge in securing Windows. Part-time LASEC lecturer Philippe Oechslin said the new method proposes a way to pre-calculate the data needed to attack a Windows password, reducing the number of calculations performed during cryptanalysis.

He said 99% of all alphanumerical passwords could be cracked in 13.6 seconds using 1.4Gb of data, or two CD-ROMs, compared to nearly a minute and a half using so-called distinguished points. “We show the gain could be even much higher depending on the parameters used,” Oechslin said.

The NT Password Cracker, meanwhile, can break alphanumeric passwords (letters and numbers) in less than five seconds with a data set that fits on a single CD. Extended passwords, mixing upper- and lower-case letters, numbers and 16 other characters, can be cracked in 30 seconds with a data set that fits on three DVDs.

The NT Password Cracker web page said: “Our method is about 6,000 times faster than a brute force attack and 32 times faster than the original method of Hellman optimized with Rivest’s suggestion of the use of distinguished points.”
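The two points the article makes, that the work pays off because the hash can be pre-calculated, and that it pays off only because Windows hashes contain no salt, are easiest to see side by side. The following is an added illustration, not code from LASEC or from the cracker the article describes: it builds a small lookup table over a toy alphabet once, then shows that the same table answers any unsalted hash in constant time but is useless against a salted one. The hash function is an assumption for illustration (SHA-256 over the UTF-16LE password, standing in for the MD4-based NT hash), and the alphabet and maximum length are deliberately tiny so the table builds in a second.

```python
import hashlib
import itertools
import os
import string


def unsalted_hash(password: str) -> str:
    """Hash with no per-user randomness, the property the article criticises.

    Stand-in for the NT hash: real NT hashes are MD4 over the UTF-16LE
    password; SHA-256 is used here so the example runs everywhere.
    """
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Same hash, but mixed with a random per-user salt (the mitigation)."""
    return hashlib.sha256(salt + password.encode("utf-16-le")).hexdigest()


def build_table(alphabet: str, max_len: int) -> dict:
    """Pre-calculate hash -> password for every string over the toy alphabet.

    This is the one-off cost that a time-memory trade-off amortises: the
    table is paid for once and reused for every hash examined afterwards.
    With 36 symbols and length <= 3 it holds 36 + 36**2 + 36**3 entries.
    """
    table = {}
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            pw = "".join(chars)
            table[unsalted_hash(pw)] = pw
    return table


def lookup(table: dict, digest: str):
    """Constant-time dictionary probe: no hashing needed at lookup time."""
    return table.get(digest)


# Toy keyspace (constructed): lowercase letters and digits, up to 3 characters.
ALPHABET = string.ascii_lowercase + string.digits
TABLE = build_table(ALPHABET, 3)


def demo():
    # Unsalted: every account using "ab1" stores the same digest, so one
    # precomputed table recovers it for all of them at once.
    stored = unsalted_hash("ab1")
    found = lookup(TABLE, stored)

    # Salted: each account gets its own random salt, so two users with the
    # same password store different digests and neither is in the table.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    stored_a = salted_hash("ab1", salt_a)
    stored_b = salted_hash("ab1", salt_b)
    return {
        "table_entries": len(TABLE),
        "unsalted_recovered": found,
        "salted_in_table": lookup(TABLE, stored_a),
        "salted_digests_differ": stored_a != stored_b,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point for a defender is that the salt does not make the hash function stronger; it makes the precomputed table non-reusable, because the attacker would need a separate table per salt value. That is why the LASEC posting singles out the absence of salt or initialization vectors, rather than the choice of hash algorithm, as the weakness.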

Microsoft was unable to comment at the time of going to press.

Source: Computerwire