Windows 7

[scubaman]

various win7 beta builds have been around the usual torrents/newsgroups for awhile and it's still a fail-OS, although anything is better than Vista I guess.

incredibly the password hashing scheme is the same one used since XP. the hashing is not salted, which allows easy recovery from readily available dictionaries full of of collected password hashes anybody can download and use instantly guaranteeing more nigerian spam botnets and trojans for years to come.

the UNIX crypt man page says salting password hashes to prevent this has been implemented since 1975. gj microsoft being more obsolete than I am old

Here is the real info

But things are different with newer versions of Windows. Windows 2000 and XP passwords can now be up to 127 characters in length and so 14 characters is no longer a limit. Furthermore, one little known fact discovered by Urity of SecurityFriday.com is that if a password is fifteen characters or longer, Windows does not even store the LanMan hash correctly. This actually protects you from brute-force attacks against the weak algorithm used in those hashes. If your password is 15 characters or longer, Windows stores the constant AAD3B435B51404EEAAD3B435B51404EE as your LM hash, which is equivalent to a null password. And since your password is obviously not null, attempts to crack that hash will fail.

[luvsthetrannys]

attempts to crack that hash will fail.

lol. try this, install Win7, make a bunch of accounts. make two accounts with the same password, then use the free program Cain to dump the hashes. notice the two accounts with the same passwords also have the same hashes, thus allowing easy decryption. this also worked on a Win2008 64bit server datacenter install using fgdump to gather the hashes

[scubaman]

attempts to crack that hash will fail.

lol. try this, install Win7, make a bunch of accounts. make two accounts with the same password, then use the free program Cain to dump the hashes. notice the two accounts with the same passwords also have the same hashes, thus allowing easy decryption. this also worked on a Win2008 64bit server datacenter install using fgdump to gather the hashes

Dude read

If your password is 15 characters or longer, Windows stores the constant AAD3B435B51404EEAAD3B435B51404EE as your LM hash, which is equivalent to a null password. And since your password is obviously not null, attempts to crack that hash will fail.

[luvsthetrannys]

Dude read

cain and fgdump don't care about this magical null password hash that doesn't exist. try it yourself, make a password any length (you can't type in a 127 character pword during install, you have to use the reset password dialog box), rip the hashes then decode with numerous available hash tables.

the security and cryptography lab @ EPFL in Switzerland even had a site up in 2003 showing they could crack any alpha-numeric combination up to 127 characters in an average time of 13 seconds if you cut+paste in the hash values. since there's only so many symbols that can be used I'm sure there's a ton of available hash tables over the years for those too. obsolete indeed