October 13, 2004


ophcrack - This is a version of RainbowCrack. Enter a password hash on the web page and receive the corresponding password!

Read Robert Hensing's Incident Response WebLog on "Why you shouldn't be using passwords of any kind on your Windows networks . . ." Robert makes a great point about not using passwords, but pass-PHRASES. Or, in my opinion, use an incredibly long password like I do. Ophcrack cracked only 7 characters of my 15-character password, AND got the case wrong. Also, disable LM hashes on your servers. The only reason you need the LM hash table is to provide backward compatibility with Windows 95 and 98 clients. Most (sane) folks don't support those clients on their domains, so it's safe to disable.
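
To check that disabling LM hashes has actually taken hold, an administrator can audit an authorized hash export for accounts that still carry one; stored LM hashes remain until each account's password is next changed. The script below is an added example, not code from the original post or from ophcrack. It assumes a pwdump-style `user:rid:lmhash:nthash:::` line format, and the function names and sample lines are constructed for illustration.

```python
# Added example: flag accounts in a pwdump-style export that still store an LM hash.
# Assumed line format (not from the original post): user:rid:lmhash:nthash:::
EMPTY_LM_HALF = "aad3b435b51404ee"  # LM half produced by an empty 7-byte block
EMPTY_LM = EMPTY_LM_HALF * 2        # value present when no LM hash is stored

# Constructed sample lines; the hash values are made-up hex, not real credentials.
SAMPLE = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
bob:1002:0123456789abcdefaad3b435b51404ee:22222222222222222222222222222222:::
carol:1003:0123456789abcdeffedcba9876543210:33333333333333333333333333333333:::
dave:1004:NO PASSWORD*********************:44444444444444444444444444444444:::
malformed line without enough fields
"""

def classify_lm(lm_field):
    """Return 'none', 'lm-short', 'lm-present' or 'invalid' for one LM field."""
    lm = lm_field.strip().lower()
    # Some dump tools print a NO PASSWORD marker instead of the empty-hash constant.
    if lm == "" or lm == EMPTY_LM or lm.startswith("no password"):
        return "none"
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        return "invalid"
    # LM hashes each 7-character half separately, so an empty second half
    # means the password is 7 characters or fewer.
    if lm[16:] == EMPTY_LM_HALF:
        return "lm-short"
    return "lm-present"

def audit(text):
    """Map each account name to its LM status, skipping malformed lines."""
    findings = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 4:
            continue
        findings[parts[0]] = classify_lm(parts[2])
    return findings

def accounts_needing_reset(text):
    """Accounts that still store an LM hash and need a password change."""
    return sorted(u for u, s in audit(text).items() if s.startswith("lm-"))

if __name__ == "__main__":
    for user, status in audit(SAMPLE).items():
        print(f"{user:8} {status}")
    print("reset required:", ", ".join(accounts_needing_reset(SAMPLE)))
```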