Earlier today I downloaded the latest Live CD for Ophcrack, the Windows password cracker, and tried it out on a Vista install to see how good a password buster it is.
Conclusion: Either choose strong passwords, or don't bother with a password at all.
Here's the test - I took a virtual PC running Windows Vista that I've been sharing with a few friends (Fred, Barney, Betty and Wilma ... you might know them) and put it up against the Live CD to see how many passwords I could recover.
The process went something like this:
- Download Ophcrack Live CD
- Burn a CD (although I didn't need to do this - I just booted the virtual machine off the .ISO file)
- Let Ophcrack do its stuff
The results were quite staggering. In less than 50 seconds, three weak passwords had been recovered (shame on you pcdoc, Fred and Betty ... I'm not letting you on my systems again). However, two much longer and more complex passwords (one consisting of alphanumeric characters, the other more complex) survived.
You have been warned ...