Security Basics mailing list archives
RE: Using non-printable characters in passwords
From: Birl <sbirl () temple edu>
Date: Mon, 25 Aug 2003 15:41:38 -0400 (EDT)
As it was written on Aug 12, thus Meidinger Chris spake: Chris: Date: Tue, 12 Aug 2003 08:10:57 +0100 Chris: From: Meidinger Chris <chris.meidinger () badenit de> Chris: To: "'security-basics () securityfocus com'" Chris: <security-basics () securityfocus com> Chris: Subject: RE: Using non-printable characters in passwords Chris: Chris: I know you don't want to hear this, but remember that MS Windows NT or 2000 Chris: running in hybrid mode uses an NTLM hash to represent the password. This Chris: hash represents only 7 characters, meaning that if you have a 21 character Chris: password, it is really 3 consecutive 7 character passwords. Thus your 21 Chris: char pass is barely stronger than a 7 character password. For this reaason Chris: complexity is very important in windows, and not length. Chris: Chris: just a reminder for anyone in a windows environment who is setting password Chris: requirements. Chris: Chris: badenIT GmbH Chris: System Support Chris: Chris: Chris Meidinger Chris: Tullastrasse 70 Chris: 79108 Freiburg Ah, you must re-read my original post. Since I work cross-platform, I look for cross-platform solutions. I use SecureCRT (at work) to ssh from Windows to Solaris 9. I use Cygwin at home to get into my Solaris 9 server. I am aware of the 2 hashes in NT, but my concern is more compatibility between platforms. Yes, complexity is best, but wouldnt help me if the keyboard or application cannot translate the keystrokes correctly. Thanks for the information anyway. Im sure it will be useful to someone else. Chris: -----Original Message----- Chris: From: Birl [mailto:sbirl () temple edu] Chris: Sent: Wednesday, August 06, 2003 8:41 PM Chris: To: security-basics () securityfocus com Chris: Subject: Using non-printable characters in passwords Chris: Chris: Chris: Using cross-platform keyboards (SUN, Windows, Mac), how does one use Chris: non-printable characters in their passwords? Chris: Chris: Since I work cross-platform, I use only a limited number of characters Chris: while holding down the CTRL key. Chris: Chris: Whilst searching Google, I came across a SecurityFocus article that said: Chris: "hold down the ALT key while pressing the 1,2, and 9 keys on the numeric Chris: keypad" Chris: Chris: Additionally, the Google search I used Chris: non-printable characters passwords Chris: came up with more information about recovery and programs to avoid using Chris: non-printable characters. Chris: Chris: Are there any other combinations? If I recall correctly, a SANS Chris: instructor mentioned making use of the "Print Screen" key. Chris: Chris: Chris: Thanks in advance Chris: Chris: Scott Birl http://concept.temple.edu/sysadmin/ Chris: Senior Systems Administrator Computer Services Temple Chris: University Chris: ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*= Chris: ===* Chris: Chris: --------------------------------------------------------------------------- Chris: ---------------------------------------------------------------------------- Chris: Chris: --------------------------------------------------------------------------- Chris: ---------------------------------------------------------------------------- Chris: --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Re: Using non-printable characters in passwords, (continued)
- Re: Using non-printable characters in passwords Tim Greer (Aug 07)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Meritt James (Aug 07)
- RE: Using non-printable characters in passwords Manuel Lanctot (Aug 07)
- Re: Using non-printable characters in passwords Birl (Aug 07)
- RE: Using non-printable characters in passwords dave kleiman (Aug 08)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Jay Woody (Aug 08)
- Re: Using non-printable characters in passwords Mr Babak Memari (Aug 11)
- RE: Using non-printable characters in passwords Meidinger Chris (Aug 12)
- RE: Using non-printable characters in passwords Birl (Aug 26)
- RE: Using non-printable characters in passwords Chris Berry (Aug 12)
- RE: Using non-printable characters in passwords dave kleiman (Aug 13)
- RE: Using non-printable characters in passwords Chris Berry (Aug 13)
- RE: Using non-printable characters in passwords Birl (Aug 26)