Security Basics mailing list archives

RE: Using non-printable characters in passwords

From: Meidinger Chris <chris.meidinger () badenit de>
Date: Tue, 12 Aug 2003 08:10:57 +0100

I know you don't want to hear this, but remember that MS Windows NT or 2000
running in hybrid mode uses an NTLM hash to represent the password. This
hash represents only 7 characters, meaning that if you have a 21 character
password, it is really 3 consecutive 7 character passwords. Thus your 21
char pass is barely stronger than a 7 character password. For this reaason
complexity is very important in windows, and not length.

just a reminder for anyone in a windows environment who is setting password
requirements.

badenIT GmbH
System Support
 
Chris Meidinger
Tullastrasse 70
79108 Freiburg


-----Original Message-----
From: Birl [mailto:sbirl () temple edu]
Sent: Wednesday, August 06, 2003 8:41 PM
To: security-basics () securityfocus com
Subject: Using non-printable characters in passwords


Using cross-platform keyboards (SUN, Windows, Mac), how does one use
non-printable characters in their passwords?

Since I work cross-platform, I use only a limited number of characters
while holding down the CTRL key.

Whilst searching Google, I came across a SecurityFocus article that said:
"hold down the ALT key while pressing the 1,2, and 9 keys on the numeric
keypad"

Additionally, the Google search I used
      non-printable characters passwords
came up with more information about recovery and programs to avoid using
non-printable characters.

Are there any other combinations?  If I recall correctly, a SANS
instructor mentioned making use of the "Print Screen" key.


Thanks in advance

 Scott Birl                              http://concept.temple.edu/sysadmin/
 Senior Systems Administrator            Computer Services   Temple
University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*=
===*

---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Using non-printable characters in passwords Birl (Aug 06)
- Re: Using non-printable characters in passwords Tim Greer (Aug 07)
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
  - Re: Using non-printable characters in passwords Meritt James (Aug 07)
- RE: Using non-printable characters in passwords Manuel Lanctot (Aug 07)
- Re: Using non-printable characters in passwords Birl (Aug 07)
  - RE: Using non-printable characters in passwords dave kleiman (Aug 08)
- <Possible follow-ups>
- RE: Using non-printable characters in passwords Optrics Engineering - Shaun Sturby, MCSE (Aug 07)
- Re: Using non-printable characters in passwords Jay Woody (Aug 08)
- Re: Using non-printable characters in passwords Mr Babak Memari (Aug 11)
- RE: Using non-printable characters in passwords Meidinger Chris (Aug 12)
  - RE: Using non-printable characters in passwords Birl (Aug 26)
- RE: Using non-printable characters in passwords Chris Berry (Aug 12)
  - RE: Using non-printable characters in passwords dave kleiman (Aug 13)
- RE: Using non-printable characters in passwords Chris Berry (Aug 13)
  - RE: Using non-printable characters in passwords Birl (Aug 26)