RE: Using non-printable characters in passwords

[Birl <sbirl () temple edu>]

As it was written on Aug 12, thus Chris Berry spake unto security-basics@se...:

Chris:  Date: Tue, 12 Aug 2003 17:57:50 -0700
Chris:  From: Chris Berry <compjma () hotmail com>
Chris:  To: security-basics () securityfocus com
Chris:  Subject: RE: Using non-printable characters in passwords
Chris:
Chris:  >From: "dave kleiman" <dave () netmedic net>
Chris:  >Not quite;
Chris:  >
Chris:  >If you pass the 14 character margin, No LM hash will be stored of the
Chris:  >password. 14 characters is its limit, so if you enforce a policy of 15 or
Chris:  >greater you do not have to worry about it.
Chris:
Chris:  That's true, but I wouldn't rely on that.  It's pretty easy to disable the
Chris:  storing of the LM hash permanently.
Chris:
Chris:  Chris Berry


I disable LM hash by default.  I have long SecEdit file that tightens the
whole machine down (too tight sometimes)

My question is this:  when was over 14 characters possible in NT?

I always ran into problems with passwords over 14 characters.  Cannot
remember what the problem was off-hand, I'll have to see if I can
replicate it ....  might have been NT4


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------