Tuesday, September 11, 2007

Ophcrack: Your double-edged sword

Ophcrack is one of many password cracking tools. While I cannot attest to their claims that they can crack 99.9% of passwords within seconds, it does should like they can get most passwords quicker than you would like. One of their tricks is to have a very large number of passwords encrypted into their protected form. The software then compares the encrypted password it finds on your system with the ones it has made. Once it finds it, it then knows the password required for that pattern to be produced.

The good side of this program is that it can help you to unlock computers that you don't have the password for. This can happen when you either forget, someone as reset it to something you don't know, or the computer has been donated and the owner is not around.

But, the downside is more obvious. A student could put in the ophcrack CD, boot the computer off that CD and then get the password. While I'm not positive, I suspect that finger scanners would not be much help because the finger scanner is only to confirm you identity and then the system inserts a password. The password would be sitting on the system. Probably it's complicated enough that you don't have to worry, but you may want to find out. The only system I would have confidence in would be a smart card system where the password is always changing and checked against a server in a remote and hopefully well-protected location.

T

No comments: