It looks like nothing was found at this location. Maybe try a search?
Table of Contents
If you do not know your current CS account password, please contact
If you do not know your current WIN-CS account password, please contact
To reset your password for already existing accounts on the
Windows machines in the Microsoft Research Lab (MRL), you must
have a CS account. If you do not know your current CS password,
please contact email@example.com.
To change your MRL account password, please click
Here we take a few paragraphs
to explain what the "Crack" program is and isn't, how it works, and suggest
some sorts of ways to form more secure passwords.
By the way, the program and the lists described below are all publically
available. We just would like to keep ourselves one step ahead of the amateur
The "Crack" program is a password GUESSING program. It takes any provided
list of "words" and a list of ENCRYPTED passwords, and then tries to find
which words, when encrypted match one or more encrypted passwords. Here
the term "words" means any string of acceptable characters. Some things
that might be outside of one's expectation of words are words in this sense
including "1", "qwerty", "98765432", etc.
The "Crack" program, while it is a brute-force guesser, is not a blind
guesser. There are about 124^8 (about 5.96 E 16) combinations of 8 characters
possible. If one systematically tried all 8 character strings at 1000 tries
per second on 1000 machines in parallel, it would take about 18 centuries
to exhaustively cover that search space. (Expected time (50% probability
level) to crack exactly 1 password would be only 9 centuries. If there
were 100 randomly chosen passwords (uniform distribution), this expectation
drops to only 18.8 years to find one but still is at 944 years to expect
to cover 50 of them.)
People, however, do not tend to choose random strings. They tend to
pick keyboard patterns (like "qwerty", "!@#$%^&*', etc.) and natural
language words. Suddenly an adversary doesn't have to try 5.96E16 strings.
With our current list of "words", we make about 2.2E7 attempts against
a password that we do not break. This can be done on one machine at 1000
tries per second in 6 hours.
Currently our success rate (or should we view this as the failure rate)
sits at 22% using a lists of dutch, english, french, german,
italian, norwegian and swedish words plus lists of names, jargon words,
keyboard patterns and anything else people tend to use when
picking passwords. Of course, new lists of words are added when available.
In other words do NOT assume hebrew, spanish, korean, chinese, and japanese are safe.
Things to AVOID:
Some password constructions are easily guessed by a program such as
Crack and should be avoided! Crack uses about 77 variations on the GECOS
information and 240 variations on the dictionaries.
* For the GECOS information this starts with the words in the GECOS
field and the initials of that field. To quote from the Crack documentation,
The data fed to the gecos rules for the user aem, who is "Alec
David Muffett, Systems" would be: aem, Alec, David, Muffett, Systems, and
a series of permutations of those words, either re-ordering the words and
joining them together (eg: AlecMuffett), or making up new words based on
initial letters of one word taken with the rest of another (eg: AMuffett).
Crack then tries these directly, uppercased, lowercased, reversed, doubled
up (e.g. "aemaem"), mirrored (e.g. "aemmea"), capitalized, capitalized
and doubled, capitalized and flipped, with appended punctuation and digits
(e.g. "aem!", "aem.", "aem3"), with prepended strings (e.g. "!aem")
For the dictionary attacks, instead of using GECOS information Crack
uses the word lists available. It tries, among other things:
- Force every pure alphabetic word lowercase and try it
- Pluralise every significant one of the above
- Try variations of anything that is not pure alnum
- Any alphaword >2 & <8 chars long, append a digit or simple punctuation
since few ppl add non alpha chars to a already non-alpha word
- Lowercase every pure alphabetic word and reverse it
- Capitalise every pure alnum word (ie: not anything which is not alnum)
- Anything uppercase
- Pure alphabetic words with vowels removed which are still fairly long
- Longish pure words lowercased and reflected
- Words containing whitespace, which is then squeezed out
- In a similar vein, words with punctuation, squeezed out
- Reasonably short words, duplicated. eg: "fredfred"
- various combinations based on graphic or phonetic similarities such as
"l"->"1", "o" -> "0", "0" -> "o", "e" -> "3", "a" -> "2"
- Prefixing words with digits and punctuation
- Capitalise and then reverse every word (eg: "derF")
- Reverse and then capitalise every alphabetic word (eg: "Derf")
- Pure words capitalised with various ejaculatory punctuation added eg: "Cats!"
for Andrew Floyd-Drebber fans...
- Uppercase words with various things appended or swapped out
- Really weird uppercase variations (doubled, mirrored, reversed)
Revised: March 13, 2007