We talked about passwords in class and heard Professor F tell his story about guessing people’s passwords. Well, unless you have that kind of talent for guessing, you probably don’t want to go through that frustration. At my job, my boss gave me a computer to install something on but didn’t tell me the password, so I couldn’t log in to install the program. I would’ve asked him for it, but he was gone from his office for an appointment for half the day. It was nothing that couldn’t have waited until he got back, but I thought I’d give a password cracking tool a shot so I could get the job done (I should mention that this was an OK thing for me to do but not for other employees). After browsing for a little while I came across Ophcrack on http://pcsupport.about.com/od/toolsofthetrade/tp/passrecovery.htm and read that it “is by far the best free Windows password recovery tool available”. It uses rainbow tables to brute-force guess the password. So I burned it to a LiveCD, popped it into the drive of the machine, and rebooted. It ran for about 10 minutes and came up with nothing.
The downside of this software is that it only works if the password you’re trying to guess is 14 characters or less and is alphanumeric. When my boss finally came back and entered the password, I could tell it was longer than 14 characters and had symbols in it as well. Good on him for having a strong password, but it was kind of annoying that Ophcrack didn’t work. There are rainbow tables that you can buy that use a larger charset (http://ophcrack.sourceforge.net/tables.php), but we like to keep things free whenever possible. Go ahead and give it a shot if you’d like, to see if your password can be cracked. It is pretty easy to protect against this. Just make sure:
1. Your password is greater than 14 characters
2. Your password has lowercase and uppercase letters, numbers, and symbols
3. You disable booting from CDs and USB drives and set an administrative password on your BIOS.