Full Disclosure mailing list archives

UNICODE For Windows XP Password Strings (Keyboard or other Character Entry Method)


From: ISM <infosecmonitor () gmail com>
Date: Mon, 8 Aug 2005 15:10:53 -0500

MS Windows XP supports High Order ASCII from the keyboard with an ALT
+ Numpad XXXX key combination (from 0128 - 0255) and in other MS Apps
(Word, etc) you can also use the same to produce UNICODE characters
(supported characters between 0-65535 for the character set under
consideration).

Programmatically (in testing) we have generated 0-65535 1 character
passwords (net user xyz pass-string-here /ADD) and they generate 65535
unique NTLM hashes. So the backend Windows components seem to
understand and accept UNICODE input for password credentials.

Limitations on the input from the keyboard in this fashion seem to be
limited to that of either the language set selected or the
keyboard/kybd driver itself. We produce repeating character patterns
of 256 characters (ie, the same character is at ALT + 0640, ALT +
0896, ALT + 01152, ALT + 01408,...).

The XP command shell will reproduce the same repeating characters,
however if you cut and paste UNICODE characters (from Word or
whatever) Windows XP seems to accept the UNICODE character just fine
as a password string.

Does anyone know if there is a way to open up potential to enter full
UNICODE character sets from the keyboard or from some other device
(smartcard reader, biometric, etc) that could generate those
characters for credentials at login? Can you create a custom character
set (ie, Control Panel - Regional and Language Options - English (US)
HighlyCustomized)? Is there ANY way to generate the characters from
the keyboard?

Using a number of sequential High Order ASCII is great as password
entropy can be increased remarkably (128 possible additional
characters x pw length) and they are not always displayable characters
using tools to view LSA Secrets (lsadump2, cain and abel, pmdump,
etc). Using UNICODE would be extremely cool as entropy could possibly
be extended to 65 thousand plus characters - or many many more than
simply High Order ASCII anyhow.

Any Ideas Appreciated,

 /ism
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

