Security Basics mailing list archives

Re: Password statistics and standards


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 19 Oct 2006 01:37:50 +0200

On 2006-10-17 John Lightfoot wrote:
> Dathan wrote:
>> I don't understand what you mean.  Rainbow tables have been generated
>> for 14-character NTLM passwords.  Check out the Project RainbowCrack
>> homepage (http://www.antsight.com/zsl/rainbowcrack/).  Are you
>> referring to the 8-character set available for MD5?
>
> My understanding of how NTLM stores passwords is by storing the first
> 7 characters in one location and up to 7 more characters in a second.
> The reason rainbow tables can crack the fourteen digit passwords is
> because they're really cracking two 7 character passwords.

That's LM, not NTLM.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
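
The LM behaviour discussed in this message, as an added example that is not part of the original post: an audit sketch showing the 7+7 split that LM applies and how it shows up in a pwdump-style export. The function names, the `user:rid:lm:nt:::` layout, the sample lines (constructed, made-up hex apart from the well-known empty-half constant) and the charset sizes (printable ASCII) are assumptions.

```python
# Added illustration: LM's 7+7 split versus a hash taken over the whole password.
EMPTY_LM_HALF = "aad3b435b51404ee"  # LM output for an all-NUL 7-byte half

def lm_halves(password):
    """LM preprocessing only (no DES): uppercase, NUL-pad/truncate to 14, split 7+7."""
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\0")
    return raw[:7], raw[7:]

def worst_case_guesses(charset, length, split):
    """Candidates to exhaust: two independent halves if split, else the whole string."""
    if split:
        first, second = min(length, 7), max(length - 7, 0)
        return charset ** first + (charset ** second if second else 0)
    return charset ** length

def audit_pwdump(lines):
    """Classify pwdump-style 'user:rid:lm:nt:::' lines by what the LM field exposes."""
    findings = {}
    for line in lines:
        user, _rid, lm, _nt = line.strip().split(":")[:4]
        lm = lm.lower()
        if len(lm) != 32 or lm == EMPTY_LM_HALF * 2:
            findings[user] = "no LM hash stored"
        elif lm[16:] == EMPTY_LM_HALF:
            findings[user] = "LM stored; password is 7 characters or fewer"
        else:
            findings[user] = "LM stored; two independent 7-character halves"
    return findings

# Constructed sample: hash fields are made-up hex, apart from the empty-half constant.
SAMPLE = [
    "alice:1001:0123456789abcdef" + EMPTY_LM_HALF + ":" + "11" * 16 + ":::",
    "bob:1002:0123456789abcdeffedcba9876543210:" + "22" * 16 + ":::",
    "carol:1003:" + EMPTY_LM_HALF * 2 + ":" + "33" * 16 + ":::",
]

if __name__ == "__main__":
    print(lm_halves("Passw0rd12345!"))
    for user, finding in audit_pwdump(SAMPLE).items():
        print(user, "->", finding)
    # 69 = printable ASCII without lowercase (LM uppercases); 95 = printable ASCII.
    print(worst_case_guesses(69, 14, split=True), "vs",
          worst_case_guesses(95, 14, split=False))
```

Accounts reported as "no LM hash stored" are the ones where only the NT hash, computed over the whole password, is available.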
