SSC-Enthusiastic
Nice. Knew there must be a tool to do this.
I can see my PC's graphics card will be busy this afternoon to see how long it takes to break my pass.
Wayne
Did you get access denied? Great the security works.
Forum Newbie
Hi,
in my system
select name, password_hash from sys.sql_logins
returns NULL for password_hash for simple users. So what permissions are required?
Carmelo
Old Hand
Very useful article, but I can't help but wonder if this was just an excuse to show off that you have a 7970 clocked at 1010MHz!
I read some time ago that very long but easy to remember pass-phrases like peanutbutterandjellysandwiches actually take a password cracker longer to answer than supposedly safe passwords like for example Z34d*&1a.
Alas I don't have access/permission to play with this tool at work - any chance you could run up a benchmark/test or comment on a long pass-phrase like this?
I wonder if this technology supports crossfireX ... :D
Ben
^ That's me!
---------------------------------------- 01010111011010000110000101110100 01100001 0110001101101111011011010111000001101100011001010111010001100101 01110100011010010110110101100101 011101110110000101110011011101000110010101110010 ----------------------------------------
SSC-Enthusiastic
Slightly off topic: for the likes of Windows passwords back in the 2000/2003 server days, it looked to the lay person (me) that only the first 8 characters were encrypted in the SAM (no idea what 2008/2012 does). The remaining characters were readable (with a tool like l0pht), so to use Ben's example, it would show as
********tterandjellysandwiches
before any brute-force decryption. A human could probably figure out the missing words, or at least know not to bother with numbers, uppercase or symbols for the brute-force crack.
Maybe using long alphanumeric + symbol passwords is the way forward again, to make the delay too long for the brute-force method to find the password, i.e. before the important passwords get changed.
Must investigate to prove this one way or another to myself! :)
Wayne
Did you get access denied? Great the security works.
SSC-Addicted
BenWard (3/4/2013) Very useful article, but I can't help but wonder if this was just an excuse to show off that you have a 7970 clocked at 1010MHz!
I read some time ago that very long but easy to remember pass-phrases like peanutbutterandjellysandwiches actually take a password cracker longer to answer than supposedly safe passwords like for example Z34d*&1a.
Alas I don't have access/permission to play with this tool at work - any chance you could run up a benchmark/test or comment on a long pass-phrase like this?
I wonder if this technology supports crossfireX ... :D
Crossfire is supported. So is SLI if you use NVIDIA. I am not bragging; if I were, I would tell you I actually have an HP workstation with 2 XEON procs and crossfired 7970's. Your 30 character password is stronger than your 10 character password.
You have to use the CPU version of hashcat to crack 30 characters, and with 16 cores it would still take over 100 years! I suppose if you have a rack of Cisco UCS's at your disposal, you could get that down to a handful of days.....
Old Hand
Excellent - thanks for the info.
I've decided to do some maths.
If you used a dictionary-based brute force it might feasibly take less time, I suppose, depending on how many words were in your dictionary.
The Oxford English Dictionary has ~220,000 words, plus they estimate more than 8000 additional words are in use.
The number of possible combinations on a 5-word pass-phrase like peanut butter and jelly sandwiches would be 228000^5 or: 616132666368000000000000000
For a letter-by-letter brute force attack you'd be looking at 26^30 or: ~281319890128474591925862102961600000000000
An 8-character 'secure' password has roughly 80 different characters you might expect to see used, 80^8: 1677721600000000
So a dictionary attack is dramatically quicker on the passphrase than character by character, but is easily scuppered by throwing the number 5 into the middle of a word, using a French word etc. Even with the dictionary attack it is still hugely more effective than the regular 8 character model in use by most places.
Fun times.
Ben
^ That's me!
---------------------------------------- 01010111011010000110000101110100 01100001 0110001101101111011011010111000001101100011001010111010001100101 01110100011010010110110101100101 011101110110000101110011011101000110010101110010 ----------------------------------------
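Ben's keyspace arithmetic, as an added example that is not part of the thread: it reproduces his three attack models in code and turns each keyspace into a worst-case exhaustion time at a guess rate you supply (the 1e9 guesses/s in the demo is an assumption, not a figure from the article).

```python
# Added example (not from the thread): Ben's keyspace arithmetic as code, plus
# the worst-case time each keyspace would take at an assumed guess rate.

SECONDS_PER_YEAR = 365 * 24 * 60 * 60

# Attack models exactly as Ben framed them: (alphabet size, symbols per password).
MODELS = {
    "5-word passphrase, 228000-word dictionary": (228_000, 5),
    "30 lowercase letters, letter by letter":    (26, 30),
    "8 chars from ~80 printable characters":     (80, 8),
}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates when `length` symbols are drawn from `alphabet_size`."""
    return alphabet_size ** length


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst case: every candidate is tried at a constant guess rate.
    On average the password is found after about half of this time."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def compare(guesses_per_second: float) -> list[tuple[str, int, float]]:
    """Rank the models from weakest (smallest keyspace) to strongest."""
    rows = []
    for name, (alphabet, length) in MODELS.items():
        size = keyspace(alphabet, length)
        rows.append((name, size, years_to_exhaust(size, guesses_per_second)))
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    # Assumed rate for the demo (not from the article): 1e9 guesses per second.
    for name, size, years in compare(1e9):
        print(f"{name:45s} {size:>45,d} candidates  {years:.3g} years")
```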
SSC-Enthusiastic
Scary and unsettling.
More reason to ensure access to master db is restricted (backups too!)
Long live long passwords
Cheers,
JohnA
Ten Centuries
Wayne Evans-440401 (3/4/2013) slightly off topic: For the likes of windows passwords back in the 2000/2003 server days, it looked to the lay person (me) that, only stored the first 8 characters were encrypted in the SAM (no idea what 2008/2012 does) The remaining characters were readable (with a tool like l0pht), so to use Bens example, it would show as
********tterandjellysandwiches
It didn't quite work that way. The old LAN Manager password system that was used prior to Kerberos authentication split the password into two 7-character chunks and encrypted them separately--it was thus possible for a password cracker to deal with each half individually and work much faster. It also wasn't case sensitive, massively reducing the possible list of passwords any cracker needed to check. Note that Windows 2000 and 2003 would still generate a LAN Manager hash for any passwords shorter than 15 characters in order to maintain backward compatibility with older versions of Windows that didn't recognise Kerberos.
The password specified above would be too long to get an LM hash on Windows 2k/2k3, so you'd only have a problem if you were trying to use it on a pre-Active Directory domain. It would get split into PEANUTB and UTTERAN, and since both of those are simple dictionary words with one or two letters attached, would be crackable extremely easily.
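The LAN Manager behaviour described in the post above, as an added example that is not part of the thread: it models only the pre-processing (upper-casing, 14-character limit, split into two 7-character halves, no LM hash from 15 characters up) and what that does to the search space; it does not compute the hash itself. The 69-symbol case-insensitive and 95-symbol case-sensitive alphabets in the demo are assumptions for illustration.

```python
# Added example (not from the thread): how the LM scheme pre-processes a
# password and why that shrinks the work a cracker has to do.

LM_BLOCK = 7   # each half is hashed independently
LM_MAX = 14    # anything beyond 14 characters is discarded


def lm_hash_generated(password: str) -> bool:
    """Windows 2000/2003 still stored an LM hash for passwords shorter than 15 chars."""
    return len(password) < 15


def lm_halves(password: str) -> tuple[str, str]:
    """Upper-case, cut to 14 characters, NUL-pad, split into two 7-char blocks.
    Shown regardless of length so the split of a long password can be inspected."""
    padded = password.upper()[:LM_MAX].ljust(LM_MAX, "\0")
    return padded[:LM_BLOCK], padded[LM_BLOCK:]


def lm_search_space(charset_size: int) -> int:
    """Two independent 7-character searches: the spaces add, they do not multiply."""
    return 2 * charset_size ** LM_BLOCK


def full_search_space(charset_size: int, length: int) -> int:
    """One monolithic search over the whole password."""
    return charset_size ** length


def lm_weakening_factor(ci_charset: int, cs_charset: int, length: int) -> int:
    """How many times smaller the LM search is than a single case-sensitive search
    of the same password length (assumed alphabets are passed in by the caller)."""
    return full_search_space(cs_charset, length) // lm_search_space(ci_charset)


if __name__ == "__main__":
    for pw in ("peanutbutterandjellysandwiches", "Z34d*&1a"):
        print(pw, "-> LM stored:", lm_hash_generated(pw), "halves:", lm_halves(pw))
    # Assumed alphabets: 69 symbols once case is folded, 95 printable ASCII otherwise.
    print("14-char search is", lm_weakening_factor(69, 95, 14), "x larger than LM's")
```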
SSC-Dedicated
Wow! Awesome article, Geoff! This is spooky stuff. I knew that passwords mostly kept the honest man honest because there's lots of ways to crack them especially with the power built into some of these bloody video cards. I just had no idea how fast they really were. Thank you for the time you spent on this article. It's going to help me a lot.
--Jeff Moden "RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".
First step towards the paradigm shift of writing Set Based code: Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."
For better, quicker answers on T-SQL questions, click on the following... http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following... http://www.sqlservercentral.com/articles/SQLServerCentral/66909/