Hashim – WindowsTechs.com

PDF User Password always give access to the Owner Password, even when encrypted with AES-128

Posted on March 10, 2020 by Hashim

I’ve been messing around with qpdf, and noticed something that seems huge: that a document’s Owner Password is essentially useless, as it can be easily unset, and therefore that only the User Password offers any real security for a PDF.

F… Continue reading PDF User Password always give access to the Owner Password, even when encrypted with AES-128→

Why do viruses that wipe boot sectors exist?

Posted on January 28, 2020 by Hashim

In a moment of desperation and without thinking, I executed an .exe file purporting to be a pirated version of a hard-to-find program, forgetting that I had no real-time antivirus active. A few seconds later Malwarebytes (the free version,… Continue reading Why do viruses that wipe boot sectors exist?→

Do ciphers and encoding schemes make passwords more secure?

Posted on April 7, 2019 by Hashim

I recently came across a tech professional advising a user to take some plaintext of their choice, run it through one of these ciphers, convert it to Base64, and then use the result as their master password on LastPass.

Howe… Continue reading Do ciphers and encoding schemes make passwords more secure?→

Both Ophcrack and ONTP&RE incorrectly show Windows 10 passwords as blank

Posted on October 13, 2018 by Hashim

I’m trying to crack a Windows 10 laptop that I myself set a password on a day or so ago. So far I’ve tried booting into Ophcrack 3.6 and ONTP&RE (Offline NT Password & Registry Editor) from LiveUSBs – both report the … Continue reading Both Ophcrack and ONTP&RE incorrectly show Windows 10 passwords as blank→

Both Ophcrack and ONTP&RE incorrectly show Windows 10 passwords as blank

Posted on October 13, 2018 by Hashim

I’m trying to crack a Windows 10 laptop that I myself set a password on a day or so ago. So far I’ve tried booting into Ophcrack 3.6 and ONTP&RE (Offline NT Password & Registry Editor) from LiveUSBs – both report the password as be… Continue reading Both Ophcrack and ONTP&RE incorrectly show Windows 10 passwords as blank→

Is it still possible to run an online dictionary attack from a single machine, without anonymisation?

Posted on January 2, 2018 by Hashim

This question concerns dictionary attacks conducted:

Over the Internet, using programs like THC Hydra
Via protocols such as HTTP, FTP and SMTP

I believe I’m right in thinking that: a) due to the sophisticated layers of security they te… Continue reading Is it still possible to run an online dictionary attack from a single machine, without anonymisation?→

Are these claims about modern CPUs and AES decryption true?

Posted on April 3, 2017 by Hashim

Because of the format this question is in, it was a toss up between posting it to this site or Skeptics, but I went for here in the end because I’m probably more likely to get a definitive answer.

According to the InfoSec-th… Continue reading Are these claims about modern CPUs and AES decryption true?→

Which is faster – brute-forcing, or using a dictionary attack that contains all possible permutations?

Posted on March 5, 2017 by Hashim

Assuming a 6-character password uses the mixalphanumeric charset, giving each character a character set of 62 and the entire password a keyspace of 62^6 = 46.6 billion (if my calculations are correct), would it be faster to b… Continue reading Which is faster – brute-forcing, or using a dictionary attack that contains all possible permutations?→

Which is faster – brute-forcing, or using a dictionary attack that contains all possible permutations?

Posted on March 5, 2017 by Hashim

Would it be faster t… Continue reading Which is faster – brute-forcing, or using a dictionary attack that contains all possible permutations?→