2013-03-06

Recovering the password of an account in MS SQL? Is it possible? (or: "How do you crack SQL passwords")

Yep!
Of course it's possible. Not only is it possible, it's actually fairly easy, and it's fast too.
Often much faster than you'd think.

Geoff Albin has written an article on sqlservercentral.com about how you can use the GPU in your computer to run brute-force attacks and crack passwords.

You have to register on the site to read the article, but this article is really good, so it's definitely worth it.

Geoff writes:
There are many reasons you may want to ‘recover’ a password instead of resetting it. Or if you are like me, you are always interested in ‘how’ rather than ‘why’. It doesn’t really matter what your reasons are for recovering a password. What does matter is that you understand just what is involved in recovering a SQL Server login password and how you can protect yourself from a potential attack.

I am not going to go into all the minor details of Microsoft’s method of protecting the SQL Server login passwords. I will instead show you how to obtain free tools from the internet that anyone can run and just how quickly you can recover a password.
Anyone like to play games on their PC?
I personally do not play games, but my kids do. They have computers that have large and powerful graphic cards inside of them. I found out in my quest that this is a really good thing. A GPU (Graphics processing unit) is way more powerful than a CPU (Central processing unit) for running the needed algorithms for recovering a password. I will show methods that do not require a GPU, however, the time needed to recover a password on a CPU will be significantly longer.
 
[....]
Then he concludes like this:
[....]
That is really the message here folks. How long and complex are your passwords? I can recover an 8 character password in under 3 minutes.
I knew an associate once that would tell me he used random strings of numbers 14 characters long. He would swear up and down that his passwords were safe. On my GPU system I can recover 14 characters of numbers in less than 40 minutes.

Conclusion
Are your SQL Login passwords safe? Are they long and complex or made easy for you to remember? While tools like Hashcat are great for helping you administer a database, they can also present a huge problem. Check them now and often to keep your data safe.
 
 
Go and read the article. You can find it here:
 
