Ophcrack Password Cracker

We talked about passwords in class and heard Professor F tell his story about guessing people’s passwords. Well, unless you have that kind of talent for guessing, you probably don’t want to go through that frustration. At my job, my boss gave me a computer to install something on but didn’t tell me the password, so I couldn’t log in to install the program. I would’ve asked him for it but he was gone from his office for an appointment for half the day. It was nothing that couldn’t have waited until he got back, but I thought I’d give a password cracking tool a shot so I could get the job done (I should mention that this was an OK thing for me to do but not for other employees). After browsing for a little while I came across Ophcrack on http://pcsupport.about.com/od/toolsofthetrade/tp/passrecovery.htm and read that it “is by far the best free Windows password recovery tool available” [1]. It uses rainbow tables to brute-force guess the password. So I burned it to a LiveCD, popped it into the drive of the machine, and rebooted. It ran for about 10 minutes and came up with nothing.

The downside of this software is it only works if the password you’re trying to guess is 14 characters or less and is alphanumeric. When my boss finally came back and entered the password I could tell it was longer than 14 characters and had symbols in it as well. Good on him for having a strong password but it was kind of annoying that Ophcrack didn’t work. There are rainbow tables that you can buy that use a larger charset – http://ophcrack.sourceforge.net/tables.php [2] – but we like to keep things free whenever possible. Go ahead and give it a shot if you’d like, to see if your password can be cracked. It is pretty easy to protect against this. Just make sure:

1. Your password is longer than 14 characters

2. Your password has lowercase and uppercase letters, numbers, and symbols

3. You disable booting from CDs and USB drives and set an administrative password on your BIOS.
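
The first two checklist items can be turned into a quick self-check. The Python below is an added example, not code from the original post or from the Ophcrack project; it treats the post's description of the free tables (14 characters or fewer, letters and digits only) as an assumption, and the sample passwords are constructed.

```python
import string

# Assumption taken from the post: the free tables cover passwords of at most
# 14 characters drawn from letters and digits only.
TABLE_MAX_LEN = 14
TABLE_CHARSET = set(string.ascii_letters + string.digits)

# Character classes named in checklist item 2.
CLASSES = {
    "lowercase letter": str.islower,
    "uppercase letter": str.isupper,
    "number": str.isdigit,
    "symbol": lambda c: c in string.punctuation,
}


def keyspace(charset_size, max_len):
    """Count candidate passwords of length 1..max_len over a charset."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def in_table_coverage(password):
    """True if the password falls inside the assumed free-table coverage."""
    return 0 < len(password) <= TABLE_MAX_LEN and set(password) <= TABLE_CHARSET


def audit(password):
    """Return the checklist items (1 and 2 in the post) the password fails."""
    failures = []
    if len(password) <= TABLE_MAX_LEN:
        failures.append("length is not greater than 14 characters")
    for name, test in CLASSES.items():
        if not any(test(c) for c in password):
            failures.append("missing a " + name)
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the post.
    for pw in ["Summer2012", "Tr0ub4dor&3", "Correct-Horse-Battery-9"]:
        print(pw, "| in table coverage:", in_table_coverage(pw),
              "| fails:", audit(pw) or "nothing")
    # Growth in candidates when moving from 62 characters to all 94 printable
    # ASCII characters at the same 14-character maximum length.
    print("keyspace ratio 94 vs 62 chars: %.0fx" % (keyspace(94, 14) / keyspace(62, 14)))
```

A single symbol already takes a short password out of the assumed alphanumeric coverage, but only a password that passes both checks satisfies the checklist as written.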






5 thoughts on “Ophcrack Password Cracker”

  1. I have used OPHCrack many times. I think the 14-character password caveat is more than enough when the average Joe loses/forgets their password. I have not done enough research on password crackers, so I wonder if there is another one out there for more complex passwords.

    • You’re probably right, the 14-character alphanumeric limit of the free version of Ophcrack probably is enough to crack the password of the average person who doesn’t know any better. All we can do is try to educate.

      Some of the other programs in that link (http://pcsupport.about.com/od/toolsofthetrade/tp/passrecovery.htm), like Offline NT Password & Registry Editor, actually erase the password instead of figuring out what it is. But that isn’t as stealthy as actually using the person’s password because they will know something’s up when they find out their password no longer works. As far as other password cracking tools for Windows, I haven’t heard of any that seem to work as well (in theory) as Ophcrack.

  2. I’ve always been impressed by how many times when I use OPHCrack it almost instantly figures out the password by using its dictionary list. Great tool.

  3. I totally agree with you that strong, complex passwords protect you from hacking. I use complex passwords for all of my accounts. One day my sister wanted to figure out one of them and she spent a whole day trying many different passwords but she couldn’t get me :)

    • Haha siblings sure can be sneaky. That’s also a very good point – people should not only use a complex password but a different complex password for each account so there is not a single point of failure.

