Security Basics mailing list archives
Re: Fwd: How does the Cain and Abel SAM dump works?
From: "Dave Hull" <dphull () trustedsignal com>
Date: Wed, 16 Jul 2008 08:57:22 -0500
On Tue, Jul 15, 2008 at 2:14 PM, Eric Snyder <Eric.S () aefcu com> wrote:
How are you checking / cracking longer, 15 character plus, passwords? The best table I have seen is 14 character. Do you have a source for 15+ character tables that use every possible printable characters; commas, spaces, grave accents, etc.?
Remember that if the password is more than 14 characters, Windows won't write an LM hash of it to the SAM file. Instead, an NT hash will be written along with a bogus LM hash. The LM hash is pretty weak as it is hashed on a seven bit boundary, thus your Rainbow tables actually only have to have hashes computed for seven character strings. This is why I recommend passwords be at least 15 characters. In my opinion, size matters more than complexity. -- Dave Hull CISSP, GCFA, GCIH, GREM, SSP-MPA, CHFI Trusted Signal, LLC http://trustedsignal.com SANS Mentor Security 508: Computer Forensics, Investigation and Response https://www.sans.org/mentor/details.php?nid=11673
Current thread:
- Fwd: How does the Cain and Abel SAM dump works? Vikas Singhal (Jul 14)
- Re: Fwd: How does the Cain and Abel SAM dump works? Rob Thompson (Jul 15)
- Re: Fwd: How does the Cain and Abel SAM dump works? Adriel Desautels (Jul 15)
- RE: Fwd: How does the Cain and Abel SAM dump works? Eric Snyder (Jul 15)
- Re: Fwd: How does the Cain and Abel SAM dump works? Adriel Desautels (Jul 15)
- Re: Fwd: How does the Cain and Abel SAM dump works? Jorge L. Vazquez (Jul 16)
- Re: Fwd: How does the Cain and Abel SAM dump works? Dave Hull (Jul 16)
- Re: Fwd: How does the Cain and Abel SAM dump works? Ansgar -59cobalt- Wiechers (Jul 16)
- Message not available
- Passwords: length vs. complexity (was: How does the Cain and Abel SAM dump works?) Ansgar -59cobalt- Wiechers (Jul 18)
- RE: Passwords: length vs. complexity (was: How does the Cain and Abel SAM dump works?) Rivest, Philippe (Jul 21)
- Re: Passwords: length vs. complexity Ansgar -59cobalt- Wiechers (Jul 21)
- RE: Passwords: length vs. complexity Rivest, Philippe (Jul 21)
- Re: Passwords: length vs. complexity Ansgar -59cobalt- Wiechers (Jul 21)
- Message not available
- Re: Passwords: length vs. complexity Ansgar -59cobalt- Wiechers (Jul 22)
- Re: Fwd: How does the Cain and Abel SAM dump works? Adriel Desautels (Jul 15)
- Re: Fwd: How does the Cain and Abel SAM dump works? Rob Thompson (Jul 15)
- Re: How does the Cain and Abel SAM dump works? Rob Thompson (Jul 18)