Security Basics mailing list archives
RE: Using non-printable characters in passwords
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Tue, 12 Aug 2003 08:10:57 +0100
I know you don't want to hear this, but remember that MS Windows NT or 2000 running in hybrid mode uses an NTLM hash to represent the password. This hash represents only 7 characters, meaning that if you have a 21 character password, it is really 3 consecutive 7 character passwords. Thus your 21 char pass is barely stronger than a 7 character password. For this reaason complexity is very important in windows, and not length. just a reminder for anyone in a windows environment who is setting password requirements. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -----Original Message----- From: Birl [mailto:sbirl () temple edu] Sent: Wednesday, August 06, 2003 8:41 PM To: security-basics () securityfocus com Subject: Using non-printable characters in passwords Using cross-platform keyboards (SUN, Windows, Mac), how does one use non-printable characters in their passwords? Since I work cross-platform, I use only a limited number of characters while holding down the CTRL key. Whilst searching Google, I came across a SecurityFocus article that said: "hold down the ALT key while pressing the 1,2, and 9 keys on the numeric keypad" Additionally, the Google search I used non-printable characters passwords came up with more information about recovery and programs to avoid using non-printable characters. Are there any other combinations? If I recall correctly, a SANS instructor mentioned making use of the "Print Screen" key. Thanks in advance Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*= ===* --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Using non-printable characters in passwords Birl (Aug 06)
- Re: Using non-printable characters in passwords Tim Greer (Aug 07)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Meritt James (Aug 07)
- RE: Using non-printable characters in passwords Manuel Lanctot (Aug 07)
- Re: Using non-printable characters in passwords Birl (Aug 07)
- RE: Using non-printable characters in passwords dave kleiman (Aug 08)
- <Possible follow-ups>
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Jay Woody (Aug 08)
- Re: Using non-printable characters in passwords Mr Babak Memari (Aug 11)
- RE: Using non-printable characters in passwords Meidinger Chris (Aug 12)
- RE: Using non-printable characters in passwords Birl (Aug 26)
- RE: Using non-printable characters in passwords Chris Berry (Aug 12)
- RE: Using non-printable characters in passwords dave kleiman (Aug 13)
- RE: Using non-printable characters in passwords Chris Berry (Aug 13)
- RE: Using non-printable characters in passwords Birl (Aug 26)