Penetration Testing mailing list archives
Re: Whitespace in passwords
From: Paul Robertson <compuwar () gmail com>
Date: Fri, 16 Sep 2005 13:47:28 -0400
On 9/9/05, Peter Parker <peterparker () fastmail fm> wrote:
Most of the available crackers have an option to brute all possible characters (including whitespaces). We want strong passwords because we don't want them to be compromised (by any means).
Strong passwords *normally* force users to write them down, and unless you've exposed a dictionary-attackable service like OWA, don't really help, since the big risk is local exploitation where those little yellow notes make all the difference.
Since _most_ of the precomputed tables available for rainbow crack are generally not ones generated with whitespaces, so I started using it regularly in my passwords :D
1. Thanks for helping reduce the keyspace necessary to acquire your passwords :-P
2. The newest Shmoo tables include the space character.
3. Disabling backwards-compatible hashes and the local storage of hashes (if possible) will go a lot further than hoping that an attacker's tables don't have the characters you're using or that the math doesn't suddenly become easy.
4. OTPs which are well-generated in hardware are generally worth more than any other scheme for solving the password problem.

Paul
--
www.compuwar.net
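Point 1 of the reply, worked as a count. This is an added example, not part of the original post. It assumes a fixed-length password over the 95 printable ASCII characters and that the habit of always including a space is known; the function names are hypothetical.

```python
from itertools import product

PRINTABLE = 95  # printable ASCII characters, space included (assumed alphabet)


def keyspace(length, alphabet=PRINTABLE):
    """All candidates of exactly `length` characters."""
    return alphabet ** length


def keyspace_with_required_char(length, alphabet=PRINTABLE):
    """Candidates that contain one given character (e.g. space) at least once.

    Every candidate, minus the ones that avoid that character entirely.
    """
    return alphabet ** length - (alphabet - 1) ** length


def brute_count(length, symbols, required):
    """Enumerate every candidate to confirm the closed form on a small case."""
    return sum(1 for cand in product(symbols, repeat=length) if required in cand)


def reduction_factor(length, alphabet=PRINTABLE):
    """How many times smaller the candidate set is once the habit is known."""
    return keyspace(length, alphabet) / keyspace_with_required_char(length, alphabet)


if __name__ == "__main__":
    # Closed form agrees with enumeration over a constructed 4-symbol alphabet.
    assert brute_count(3, "ab c", " ") == keyspace_with_required_char(3, 4)
    for n in (6, 7, 8, 10):
        print(f"length {n}: full={keyspace(n):.3e} "
              f"with-space={keyspace_with_required_char(n):.3e} "
              f"reduction x{reduction_factor(n):.1f}")
```

For an 8-character password the set of candidates that contain a space is roughly a twelfth of the full 95-character keyspace, so the habit gives less protection than simply using the full character set without announcing a pattern.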