Full Disclosure mailing list archives
Re: Senior M$ member says stop using passwords completely!
From: stephane nasdrovisky <stephane.nasdrovisky () paradigmo com>
Date: Wed, 20 Oct 2004 08:43:54 +0200
Todd Towles wrote:
If my memory is right, lm passwords are hashed as 2*7 uppercase bytes (which is not the same as 14 bytes, it's easier to bf) If lm passwords are enabled, even longer passwords will collide with a 14 characters password (as far as you're more interested in accessing one's account than knowing its dog's name, i.e. if your pass is "My name is bond, james bond!", using "MY NAME IS BON" will give you the access you diserve)! Back in the nt 4.0 time, it was required to disable lm passwords (w95 compatibility issue) in order to have stronger passwords (if nt password fails, lm password is checked).I was under the understand that passwords of over 14 characters were stored with a more secure hash, therefore 14 characters passwords were harder to crack, due to the more secure hash. Windows will create two different hashes for passwords shorting than 14 characters, I do believe.
Just use a non-printable character in your password and cracking isuseless...if they crack it, they can't read what they cracked. ;)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Senior M$ member says stop using passwords completely!, (continued)
- RE: Senior M$ member says stop using passwords completely! RandallM (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Georgi Guninski (Oct 20)
- Re: Senior M$ member says stop using passwords completely! Danny (Oct 20)
- Re: Senior M$ member says stop using passwords completely! Maarten (Oct 20)
- Re: Senior M$ member says stop using passwords completely! Georgi Guninski (Oct 21)
- Re: Senior M$ member says stop using passwords completely! Danny (Oct 21)
- Re: Senior M$ member says stop using passwords completely! Danny (Oct 20)
- RE: Senior M$ member says stop using passwords completely! Banta, Will (Oct 19)
- RE: Senior M$ member says stop using passwords completely! Frank Knobbe (Oct 19)
- RE: Senior M$ member says stop using passwords completely! Todd Towles (Oct 19)
- RE: Senior M$ member says stop using passwords completely! Aviv Raff (Oct 20)
- Re: Senior M$ member says stop using passwords completely! stephane nasdrovisky (Oct 20)
- RE: Senior M$ member says stop using passwords completely! James . McKinlay (Oct 20)
- RE: Senior M$ member says stop using passwords completely! Todd Towles (Oct 20)
- RE: Senior M$ member says stop using passwords completely! Thomas G O'Reilly (Oct 20)