Security Basics mailing list archives
RE: Using non-printable characters in passwords
From: "Chris Berry" <compjma () hotmail com>
Date: Tue, 12 Aug 2003 13:55:02 -0700
From: Meidinger Chris <chris.meidinger () badenit de> I know you don't want to hear this, but remember that MS Windows NT or 2000 running in hybrid mode uses an NTLM hash to represent the password. This hash represents only 7 characters, meaning that if you have a 21 character password, it is really 3 consecutive 7 character passwords. Thus your 21 char pass is barely stronger than a 7 character password. For this reaason complexity is very important in windows, and not length. just a reminder for anyone in a windows environment who is setting password requirements.
That's only correct if you're using LM and/or haven't made the registry change to get rid of the backwards compatibility mode. NTLM and NTLMv2 do not suffer from this problem.
Chris Berry compjma () hotmail com Systems Administrator JM Associates "Q: How many software engineers does it take to change a lightbulb ? A: It can't be done; it's a hardware problem." _________________________________________________________________MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Using non-printable characters in passwords, (continued)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Meritt James (Aug 07)
- RE: Using non-printable characters in passwords Manuel Lanctot (Aug 07)
- Re: Using non-printable characters in passwords Birl (Aug 07)
- RE: Using non-printable characters in passwords dave kleiman (Aug 08)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Jay Woody (Aug 08)
- Re: Using non-printable characters in passwords Mr Babak Memari (Aug 11)
- RE: Using non-printable characters in passwords Meidinger Chris (Aug 12)
- RE: Using non-printable characters in passwords Birl (Aug 26)
- RE: Using non-printable characters in passwords Chris Berry (Aug 12)
- RE: Using non-printable characters in passwords dave kleiman (Aug 13)
- RE: Using non-printable characters in passwords Chris Berry (Aug 13)
- RE: Using non-printable characters in passwords Birl (Aug 26)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)