Re: Using non-printable characters in passwords

["Meritt James" <meritt_james () bah com>]

And you thought the UUENCODE bug was limited to URL hacks?  Nahhhhh. 
Warning:  Some systems will let you SET passwords using characters which
are unrecognized by the system to gain access, resulting in you locking
yourself out.  It pays to know field separators, for instance.  Things
like " " (the space character) are a bad idea...

Jim

"Optrics Engineering - Shaun Sturby, MCSE" wrote:
> Executive Summary: This manifesto is designed to give system administrators a
> better grasp on the importance of password security. It is also designed to help
> users understand the importance of choosing a strong password
>
> http://www.somorita.com/Networking/PasswordManifesto.asp
>
> Want to make it even stronger?  The there are some characters that you can type
> but that don't exist on the keyboard.  I call these ALT characters. You get
> these characters by holding down the ALT key and typing a code on the numeric
> keypad. For example, if I type ALT-156 I get ?. Pretty kewl, eh?  And you can
> use that as a key combination as one of the characters in your password. Most
> password cracking programs never check those characters and if they did it would
> take them much longer to crack passwords. Some of the common ALT combinations
> are shown at the end of this document.
>
> -----Original Message-----
> From: Birl [mailto:sbirl () temple edu]
> Sent: Wednesday, August 06, 2003 12:41 PM
> To: security-basics () securityfocus com
> Subject: Using non-printable characters in passwords
>
> Using cross-platform keyboards (SUN, Windows, Mac), how does one use
> non-printable characters in their passwords?
>
> Since I work cross-platform, I use only a limited number of characters
> while holding down the CTRL key.
>
> Whilst searching Google, I came across a SecurityFocus article that said:
> "hold down the ALT key while pressing the 1,2, and 9 keys on the numeric
> keypad"
>
> Additionally, the Google search I used
>       non-printable characters passwords
> came up with more information about recovery and programs to avoid using
> non-printable characters.
>
> Are there any other combinations?  If I recall correctly, a SANS
> instructor mentioned making use of the "Print Screen" key.
>
> Thanks in advance
>
>  Scott Birl                              http://concept.temple.edu/sysadmin/
>  Senior Systems Administrator            Computer Services   Temple University
> ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
>
> _____________________________________________________________
>
> IMail Server has scanned this e-mail for Viruses and SPAM using
> Declude Virus & Declude Junkmail available from www.Optrics.com
>
> _____________________________________________________________
>
> IMail Server has scanned this e-mail for Viruses and SPAM using
> Declude Virus & Declude Junkmail available from www.Optrics.com
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
----------------------------------------------------------------------------