Swiss students have perfected a way to crack Microsoft Windows passwords in a matter of seconds, taking advantage of a design flaw in the way Windows stores password hashes. Because Windows mixes no random data (no salt) into the hash, the same password on two separate machines produces exactly the same hash, so a table of hashes computed once can be reused against every Windows machine in existence.
The students built a large (well, somewhat large: 1.2 Gig) precomputed table covering alphanumeric passwords. It is a time-memory trade-off table, not a list of every possible hash (that would be far too big to store): the table holds only the endpoints of long hash chains, and a lookup recomputes the chain to recover the password. The result is that 99.9% of alphanumeric Windows passwords can be cracked within five seconds!
Since Unix and Mac OS X mix random data (a salt) into each hash, a precomputed table has to be built separately for every possible salt value. The traditional Unix crypt() salt is 12 bits, so there are 4,096 possible salts, and an attack with precomputed tables needs 4,096 times as much memory (or 4,096 times as much precomputation). That is what "4,096 times more secure" means here: the salt does nothing to slow down a plain brute-force guess against one captured hash, it only kills the reusable lookup table.
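To make the difference concrete, here is an added example (my own code, not from the paper or the students' site) that builds a precomputed hash-to-password table over a toy password space and shows why it works against unsalted hashes but not against salted ones. It uses SHA-256 as a stand-in for the unsalted Windows hash and for the salted Unix hash, since the point is the presence or absence of the salt, not the hash function; the three-letter password space and the 12-bit salt size are assumptions chosen to keep it fast.

```python
import hashlib
import itertools
import secrets
import string

# Constructed toy password space: 3 lowercase letters, 26**3 = 17,576 candidates.
# (The real attack covers alphanumeric passwords; the space is shrunk here only
# so the table builds instantly.)
ALPHABET = string.ascii_lowercase
PW_LEN = 3
SALT_BITS = 12                      # traditional Unix crypt() salt: 2**12 = 4,096 values
SALT_SPACE = 2 ** SALT_BITS


def unsalted_hash(password: str) -> str:
    """Stand-in for an unsalted Windows-style hash (SHA-256 here, not LM/NTLM).
    Same password -> same digest on every machine."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Unix-style: a per-password random salt is mixed into the hash and stored
    next to the digest, so the same password hashes differently each time."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_salt() -> bytes:
    """Draw a random 12-bit salt, encoded as 2 bytes."""
    return secrets.randbelow(SALT_SPACE).to_bytes(2, "big")


def candidates():
    """Enumerate the whole toy password space."""
    for tup in itertools.product(ALPHABET, repeat=PW_LEN):
        yield "".join(tup)


def build_lookup_table() -> dict:
    """Precompute digest -> password once. Because nothing machine-specific goes
    into the hash, this one table cracks the hash from any Windows box."""
    return {unsalted_hash(pw): pw for pw in candidates()}


def crack_unsalted(table: dict, digest: str):
    """Cracking an unsalted hash is a single dictionary lookup."""
    return table.get(digest)


def crack_salted_online(salt: bytes, digest: str):
    """Against a salted hash the precomputed table is useless (it was built with
    no salt), so the attacker must redo the whole search for this one salt."""
    for pw in candidates():
        if salted_hash(pw, salt) == digest:
            return pw
    return None


def salted_table_entries(unsalted_entries: int) -> int:
    """To keep the instant-lookup attack against salted hashes, the attacker needs
    one table per salt value: 4,096 times the memory for a 12-bit salt."""
    return unsalted_entries * SALT_SPACE


if __name__ == "__main__":
    table = build_lookup_table()
    # Victim 1: unsalted, cracked by lookup.
    print("unsalted:", crack_unsalted(table, unsalted_hash("cat")))
    # Victim 2: salted; the table misses, a fresh search is needed.
    salt = new_salt()
    stored = salted_hash("cat", salt)
    print("table hit on salted hash:", crack_unsalted(table, stored))
    print("salted (online search):", crack_salted_online(salt, stored))
    print("entries needed to precompute all salts:", salted_table_entries(len(table)))
```

Note that `crack_salted_online` still succeeds; the salt buys nothing against a brute-force search of a small password space. What it buys is that the search can no longer be done once in advance and shared.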
The students have a web page where you can submit your own Windows password hashes to be cracked. Check out the paper here.
I am strongly considering disabling password logins on my home machines and changing them all to 1024-bit SSH keys instead. Typeable passwords are too easily sniffed, logged, or cracked!