Crack Windows XP and Vista Passwords in Seconds

Last updated: Apr 10, 2008

Back in the day there used to be a program called lophcrack that was fairly good at cracking Windows passwords. Fortunately it wasn’t very effective for cracking strong passwords. Today I ran a newer cracking program on my computer called, ophcrack. As some of you know I tend to have extremely secure passwords contain numbers, letters, and other special characters. Not only did ophcrack find my password it found all but one character in my password in less than 20 seconds. That leads me to believe that it can crack pretty much any length of password in minutes.

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

I can only imagine people using this on public computers at a university or somewhere to get administrator passwords and such. Typically if you have physical access to a computer you can alter password files and reset them but resetting a password is a sure sign that someone has done something. If you can simply figure out what the password is and use it, they will have no idea.

Ophcrack may be a good tool for people that forget their passwords but it poses a fairly large security risk to many people. Based on my experience people tend to have only one or two passwords that they use and the password they choose for windows is usually the same for email, online banking, or other sensitive services. If you crack their windows password there is a good chance you can login to their email service too. Email is one of the most precious things to safe guard because once compromised you can request passwords to other online services at will.

Moral of the story would be to pick a different secure password for each service that you use. I guess I can add this as another reason I Hate Microsoft Windows.

