Security Basics mailing list archives
Re: Password statistics and standards
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 19 Oct 2006 01:37:50 +0200
On 2006-10-17 John Lightfoot wrote:
> Dathan wrote:
>> I don't understand what you mean. Rainbow tables have been generated for 14-character NTLM passwords. Check out the Project RainbowCrack homepage (http://www.antsight.com/zsl/rainbowcrack/). Are you referring to the 8-character set available for MD5?
>
> My understanding of how NTLM stores passwords is by storing the first 7 characters in one location and up to 7 more characters in a second. The reason rainbow tables can crack the fourteen digit passwords is because they're really cracking two 7 character passwords.

That's LM, not NTLM.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq
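
The two 7-character halves discussed in this thread, which the reply attributes to LM rather than NTLM, show up directly in a stored LM hash, so an audit can flag accounts that still carry one. This is an added example, not part of the original message; it assumes pwdump-style input (`user:rid:lm:nt:::`), the hash values in the sample are constructed, and the function names are hypothetical.

```python
# Added example: audit pwdump-style lines for stored LM hashes.
# An LM hash is two independent 8-byte halves, one per 7-character chunk.
EMPTY_HALF = "aad3b435b51404ee"  # LM output for an empty 7-character half

# Constructed sample input (user:rid:lm:nt:::); the hash values are made up.
SAMPLE = """\
alice:1001:0123456789abcdef0fedcba987654321:11111111111111111111111111111111:::
bob:1002:89abcdef01234567aad3b435b51404ee:22222222222222222222222222222222:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
dave:1004:NO PASSWORD*********************:44444444444444444444444444444444:::
broken line
"""

def classify_lm(lm_hex):
    """Return 'no-lm', 'lm-short' or 'lm-split' for one LM field."""
    lm = lm_hex.strip().lower()
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        return "no-lm"      # non-hex placeholder text instead of a hash
    first, second = lm[:16], lm[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "no-lm"      # blank LM hash: no LM value is stored
    if second == EMPTY_HALF:
        return "lm-short"   # second chunk empty: password is at most 7 chars
    return "lm-split"       # 8-14 chars, stored as two independent halves

def audit(text):
    """Map each user in a pwdump-style dump to its LM classification."""
    findings = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 4:
            continue        # skip malformed lines
        findings[fields[0]] = classify_lm(fields[2])
    return findings

if __name__ == "__main__":
    for user, status in audit(SAMPLE).items():
        print(f"{user:8} {status}")
```

Accounts reported as `lm-short` or `lm-split` still have an LM hash on record and are the ones to remediate.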