Security Basics mailing list archives
Re: Using non-printable characters in passwords
From: "Meritt James" <meritt_james () bah com>
Date: Thu, 07 Aug 2003 11:35:52 -0400
And you thought the UUENCODE bug was limited to URL hacks? Nahhhhh. Warning: Some systems will let you SET passwords using characters which are unrecognized by the system to gain access, resulting in you locking yourself out. It pays to know field separators, for instance. Things like " " (the space character) are a bad idea... Jim "Optrics Engineering - Shaun Sturby, MCSE" wrote:
Executive Summary: This manifesto is designed to give system administrators a better grasp on the importance of password security. It is also designed to help users understand the importance of choosing a strong password http://www.somorita.com/Networking/PasswordManifesto.asp Want to make it even stronger? The there are some characters that you can type but that don't exist on the keyboard. I call these ALT characters. You get these characters by holding down the ALT key and typing a code on the numeric keypad. For example, if I type ALT-156 I get ?. Pretty kewl, eh? And you can use that as a key combination as one of the characters in your password. Most password cracking programs never check those characters and if they did it would take them much longer to crack passwords. Some of the common ALT combinations are shown at the end of this document. -----Original Message----- From: Birl [mailto:sbirl () temple edu] Sent: Wednesday, August 06, 2003 12:41 PM To: security-basics () securityfocus com Subject: Using non-printable characters in passwords Using cross-platform keyboards (SUN, Windows, Mac), how does one use non-printable characters in their passwords? Since I work cross-platform, I use only a limited number of characters while holding down the CTRL key. Whilst searching Google, I came across a SecurityFocus article that said: "hold down the ALT key while pressing the 1,2, and 9 keys on the numeric keypad" Additionally, the Google search I used non-printable characters passwords came up with more information about recovery and programs to avoid using non-printable characters. Are there any other combinations? If I recall correctly, a SANS instructor mentioned making use of the "Print Screen" key. Thanks in advance Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====* --------------------------------------------------------------------------- ---------------------------------------------------------------------------- _____________________________________________________________ IMail Server has scanned this e-mail for Viruses and SPAM using Declude Virus & Declude Junkmail available from www.Optrics.com _____________________________________________________________ IMail Server has scanned this e-mail for Viruses and SPAM using Declude Virus & Declude Junkmail available from www.Optrics.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Using non-printable characters in passwords Birl (Aug 06)
- Re: Using non-printable characters in passwords Tim Greer (Aug 07)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Meritt James (Aug 07)
- RE: Using non-printable characters in passwords Manuel Lanctot (Aug 07)
- Re: Using non-printable characters in passwords Birl (Aug 07)
- RE: Using non-printable characters in passwords dave kleiman (Aug 08)
- <Possible follow-ups>
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Jay Woody (Aug 08)
- Re: Using non-printable characters in passwords Mr Babak Memari (Aug 11)
- RE: Using non-printable characters in passwords Meidinger Chris (Aug 12)
- RE: Using non-printable characters in passwords Birl (Aug 26)
- RE: Using non-printable characters in passwords Chris Berry (Aug 12)
- RE: Using non-printable characters in passwords dave kleiman (Aug 13)
(Thread continues...)