Talk:Reverse Engineering/Cracking Windows XP Passwords

I think it is against general wikibooks policy to have a book designed only to aid in the breaking or cracking of a particular software architecture. Also, from a liability point of view, it might be dangerous for wikibooks to host this information (however interesting). There was a long debate about theReverse Engineering book, because it was worried that some parts of that book would aid in illegal actions. I will probably list this book under Votes for Deletion, and see what the consensus is. However, just because this book might not belong on wikibooks, does not mean that the information is not valuable, and should not be disseminated. I won't list this one up for deletion for at least a day, and the deletion process may take several days in and of itself (although some deletions happen very quickly). This should give you plenty of time to move this information to a more suitable location (if you wish to save it at all). If you have any questions, leave me a message on My talk page. --Whiteknight T C E 21:30, 31 October 2005 (UTC)


 * Actually this info is very good for me... I am right now designing an application... and this has made me rethink the way I am going to store sensitive info... seeing flaws in other security methods really gets you thinking! 220.233.48.200 13:06, 1 November 2005 (UTC)


 * I listed this book up on VFD. If you do not want this book to be deleted, i suggest you vote against the measure. As an alternative, maybe this page should be merged into another book such as the Reverse Engineering book, which is an alternative that you could suggest --Whiteknight T C E 18:00, 1 November 2005 (UTC)

I agree
I believe that this data has its rightful place, but I'm not sure that the place should be here in a freely-accessible forum. As a network admin, I am always looking for ways to streamline the tasks I must attend to daily and this information has been an idea addition to my arsenal of admin trix, but the truth is that out of 100 people that actually use this information, my bet is that about 95% of them are up to no good. Just my .02.

I suggest this infomration goes on a list of "Known Vulnerabilities of ..." e.g. of various softwares or even under the article of XP on Wikipedia rather than here. A title like "How to Crack..." might raise eyebrows and unwanted attention which could result in legal nuisances even though I agree the title is very effective.

Furthermore I believe that good universities or learning places should possess a degree of ethical code in order for their survival. Have you ever heard of a good University for becoming a thief. I agree that a police-man should know all the trix of he trade of a thief in order for him to do his job better but the book he will be given will never be called "How to rob a 90 year old" or "Bank Robbery for dummies" but rather e.g. "Characteristics and Behaviour of Criminals". SDAM!

I don't agree
i knew about this but in a easier and faster way (no need to crack the password) i think the article must be modified to give the parad to this too easy method because this is a major security threat this needs to be known BUT with the associated parad: crypt the hd: on windows 2000/xp (nt series don't know if nt4 is concerned) there is an option in ntfs that permit to crypt folders and file so why not crypting theses SAM files (need to test it and to be able to restore it with bart-pe or another windows installation if the computer doesn't start) so i think crypting the hdd is a solution but they may be some others


 * Info like this is available in hundreds of hack sites etc - so whats one more ? However I guess moving this to make it part of a more comprehensive article/book makes a lot of sense. 59.92.131.39 07:11, 6 November 2005 (UTC)


 * Security through Obscurity is widely argued to be an inadequate means of protection. Fostering this paradigm is of little aid to the developers of products which run on Windows XP.


 * In fact, open source software (such as Linux) tends to be more secure that others (such MS Windows), because security holes can be proactively addressed. (Note that when Microsoft patches a security vulnerability in their software, in most cases, that flaw has existed since release.  Flaws in an open source system can be addressed before vulnerability is discovered or “proof of concept” is exploited with malicious intent.


 * I did not know of the importance of passwords greater than 14 characters. This article has been of use to me; I will be updating my XP password.

Reverse Engineering
I'm going to adapt some of this information for use as an example in the Reverse Engineering wikibook. I also recommend that this information be moved (in whole or in part) to the Cryptography book, or any of the Windows-related books on the computing bookshelf. This module cannot stand on it's own, but it probably won't fall under the VfD axe either (not yet anyway). --Whiteknight T C E 19:50, 14 November 2005 (UTC)


 * While I don't mind you moving this somewhere else, I don't see completely why it would fit in Reverse Engineering. This is more a tool for what some sort of PC technician would need to do system repairs.  That is why I advocated instead for something like PC Technicians Repairbook as the "parent" for this Wikibook module.  Reverse Engineering would be taking stuff from Ralf Brown's list and trying to make an operating system from those specifications and memory address descriptions.


 * I don't know completely what should be done, and it can be moved again even after putting in the Reverse Engineering wikibook, so I guess it really doesn't matter too much. I agree completely that it can't stay as an independent module.  The Reverse Engineering that needs to take place, IMHO, is to take the external web pages and reverse engineer those programs to explain in more detail the actual algorithm which is being used.  Some sample software should be listed as source code as well.  --Rob Horning 07:37, 15 November 2005 (UTC)


 * I only said that I was adapting some of the information as a case study in the reverse engineering book, because let's face it: cracking passwords is part of reverse engineering. However, i also specifically mention that the majority of this information should definately go to either the Cryptography book, or else one of the computing books about windows. I agree whole heartedly that we can probably move this page to the PC Technicians Repairbook, or something similar. It did, however, make a valuable example for RE, so i'm also going to use it there as well. --Whiteknight T C E 14:43, 15 November 2005 (UTC)


 * A simple vote to move or consolidate this information into a catagory or book that encompasses a realm it should fall under. This should not stand alone. --MichaelMraz16:29, 15 November 2005 (UTC)

What the hell is a "parad"?
is this even a word? --Spoon! 05:29, 7 July 2006 (UTC)


 * I have to be honest, I have no idea what it could be. This page was merged wholesale from a stub book on the subject a long time ago, and clearly it hasn't been edited much since that time. If you can figure out what they are trying to say, you can go ahead and fix it. Otherwise, I am in favor of simply deleting the section entirely. --Whiteknight (talk) (projects) 12:21, 7 July 2006 (UTC)

Hash generation no longer "computationally difficult"
Opening sentence says: This page is about cracking (recovering) passwords on Windows XP machines, which is a computationally difficult process.

See article SSD tools crack passwords 100 times faster; excerpt:

Password-cracking tools optimised to work with SSDs have achieved speeds up to 100 times quicker than previously possible.

After optimising its rainbow tables of password hashes to make use of SSDs Swiss security firm Objectif Sécurité was able to crack 14-digit WinXP passwords with special characters in just 5.3 seconds. Objectif Sécurité's Philippe Oechslin told Heise Security that the result was 100 times faster than possible with their old 8GB Rainbow Tables for XP hashes.