Showing posts from January, 2011

Passwords...nothing new...just a recap

Been doing a lot of work around password security lately, and I think it is fair to say that, given enough time, any password can be cracked. The time could be hundreds or thousands of years in some cases when using brute-force methods. In reality, though, this time is likely to be a lot shorter than we think, because end users can only cope with relatively short passwords. Using various tools on Windows XP, Vista and 7 machines, it was surprising to see just how many passwords were recovered in a matter of minutes, not hours or years.

Passwords on Windows machines can be local or cached domain credentials. Password attacks can be classified into two main categories:

Online: Where the attacker is physically on the PC or network in question and is either actively trying tools against the host PC or attempting to sniff the traffic to and from that machine for hashes on the wire (to be taken offline later). An important note here is that we do not need administrative credent