[nycbug-talk] Secure Passwords Keep You Safer
lists at genoverly.net
Fri Jan 12 15:43:20 EST 2007
By Bruce Schneier
02:00 AM Jan, 11, 2007
"The attack I'm evaluating against is an offline password-
"Offline password guessers have gotten both fast and smart.
AccessData sells Password Recovery Toolkit, or PRTK. Depending
on the software it's attacking, PRTK can test up to hundreds of
thousands of passwords per second, and it tests more common
passwords sooner than obscure ones."
"What's happening is that the Windows operating system's memory
management leaves data all over the place in the normal course
of operations. You'll type your password into a program, and it
gets stored in memory somewhere. Windows swaps the page out to
disk, and it becomes the tail end of some file. It gets moved
to some far out portion of your hard drive, and there it'll sit
forever. Linux and Mac OS aren't any better in this regard."
(this address does not accept public email)
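The quoted paragraph about a typed password being swapped out to disk describes the failure that memory locking is meant to prevent. The following C program for Linux/POSIX is an added example, not part of the original post or the quoted article; it keeps a secret in pages pinned with mlock() and wipes them before release. The names `secret_page`, `secret_alloc`, `secret_wipe` and `secret_free` are hypothetical, and the passphrase is a constructed sample.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: one page-aligned region that holds a secret. */
typedef struct {
    unsigned char *buf;
    size_t len;    /* mapping size, rounded up to whole pages */
    int locked;    /* 1 if mlock() pinned the pages in RAM */
} secret_page;

/* Map anonymous pages and ask the kernel never to write them to swap. */
int secret_alloc(secret_page *s, size_t want) {
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    s->len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *p = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { s->buf = NULL; s->len = 0; return -1; }
    s->buf = p;
    /* Can fail under RLIMIT_MEMLOCK; the caller decides whether to go on. */
    s->locked = (mlock(s->buf, s->len) == 0);
    return 0;
}

/* Zero through a volatile pointer so the compiler cannot elide the stores. */
void secret_wipe(secret_page *s) {
    volatile unsigned char *p = s->buf;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
}

/* Wipe first, then unlock and unmap, so no stale copy is left behind. */
void secret_free(secret_page *s) {
    if (!s->buf) return;
    secret_wipe(s);
    if (s->locked) munlock(s->buf, s->len);
    munmap(s->buf, s->len);
    s->buf = NULL; s->len = 0; s->locked = 0;
}

int main(void) {
    secret_page s;
    if (secret_alloc(&s, 64) != 0) return 1;
    memcpy(s.buf, "constructed-sample-passphrase", 29);  /* constructed input */
    printf("locked=%d\n", s.locked);
    secret_free(&s);
    return 0;
}
```

mlock() covers only this buffer: copies made by input libraries or the terminal are not pinned, and suspend-to-disk can still write locked pages out.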