any IT guys who get to see everyone's passwords?

I have access to quite a few passwords, and I can say that an alarming amount use either their first name or last name with the month number in the middle. For example, my password would be evad12man. (12 for December) Bah.

My passwords are nearly totally random numbers and characters for important stuff. For example: e4g65erf (not one of my passwords, so don't even bother 🙂) I am blessed with an exceptional memory 🙂 However, I do use some idiotic passwords on stupid stuff, but I always put numbers in the middle. For example, "id10t" (idiot) or st00pid (stupid). Every once in a while I'll toss in some messed up leet speak, "31it3" (elite)
 
Originally posted by: jagec
Originally posted by: yllus
If you're using software not coded by a 3-year-old, an administrator should never be able to "see" a user's password. One-way encryption is used so that after hashing the password, even the computer itself doesn't know what the password originally was anymore.

You must be talking about Windows then, because any decent cracking program can find < 5 char passwords in a couple seconds. Much longer as the password length grows.
I admit to not being an expert on the encryption scheme used in Windows 2000/XP, but a cursory look through Google proves that I am correct.

All the "password recovery" applications advertised for some fee on the Web are more accurately described as "password reset" applications. This is a completely different animal - it jacks in before the Windows OS can begin loading, and knowing the location of where the password is kept in the file system simply overwrites whatever data is stored with a new password. This still means that nobody knows the text string the user originally entered as their password, but it gains them access to the file system nonetheless.

Examples: Lostpassword.com, Tomdownload.com.

Even with short strings (4-6 characters) the best hope one has is to brute force and essentially get lucky in finding the actual password - certainly not a process that would take a couple of seconds. More like a couple of hours, days or months. If you can show me a tool that does otherwise I'd be very interested in seeing it.
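
An added example, not part of any post in this thread: a minimal sketch of the one-way storage discussed above, showing that the stored record holds only a salt, a work factor and a derived hash, and that a login is checked by re-deriving rather than decrypting. PBKDF2-HMAC-SHA256, the iteration count, the record layout and the sample password are assumptions chosen for illustration, not the scheme of any product named in the thread; `keyspace` shows how the number of candidate strings grows with length.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Build what the server stores: salt, work factor and derived hash only."""
    salt = os.urandom(16)  # random per-user salt, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(record: dict, candidate: str) -> bool:
    """Re-derive the hash from the candidate and compare; nothing is decrypted."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def keyspace(alphabet_size: int, max_length: int) -> int:
    """Count the strings of length 1..max_length over the given alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


if __name__ == "__main__":
    sample = "example-Passw0rd"  # constructed sample value
    record = make_record(sample)
    print("stored record:", record)  # what an administrator can actually read
    print("correct password accepted:", verify(record, sample))
    print("wrong password accepted:", verify(record, "example-passw0rd"))
    # Lowercase letters plus digits (36 symbols): growth with maximum length.
    for length in (4, 6, 8):
        print(f"candidates up to length {length}: {keyspace(36, length):,}")
```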
 