Penetration Testing mailing list archives
RE: Whitespace in passwords
From: "Craig Wright" <cwright () bdosyd com au>
Date: Mon, 19 Sep 2005 06:55:28 +1000
Please note I was pointing to the "success rates" table for NTLM The lowest is 80.19% as it stands. This is not all the tables are precomputed, but there is still an 80+ % crack rate (and this is growing) Further - this is not the only table source. Further - there is no manner in which you will enforce extended passwords. As I initially stated - the issue is in protecting the password and stopping a copy from being tested. There are means available to do this. If you are still on NT 4.0 - than it is time to upgrade. The success rate is 80.19% for "alpha numeric symbol 32 space" - this is EVERYthing in NTLM - not just space or extended - the table is 53% derived- but if you read further - this equates to an 80.19% crack rate. Remember there is a user at the other end - they have to remember. Please explain how a user will enter and remember a passphrase such as "S%'beep'('Smiley face'?G$" - where ' ' encloses extended chars Craig -----Original Message----- From: dave kleiman [mailto:dave () isecureu com] Sent: Mon 19/09/2005 5:49 AM To: pen-test () securityfocus com Cc: 'Anders Thulin'; 'bryan allott'; Craig Wright; compuwar () gmail com; 'Peter Parker' Subject: RE: Whitespace in passwords
Current thread:
- Re: Whitespace in passwords, (continued)
- Re: Whitespace in passwords R. DuFresne (Sep 19)
- RE: Whitespace in passwords Andrew Meyers (Sep 08)
- Re: Whitespace in passwords Steve.Cummings (Sep 11)
- RE: Whitespace in passwords dave kleiman (Sep 12)
- Re: Whitespace in passwords Tim (Sep 14)
- RE: Whitespace in passwords dave kleiman (Sep 12)
- RE: Whitespace in passwords Craig Wright (Sep 14)
- RE: Whitespace in passwords Craig Wright (Sep 18)
- RE: Whitespace in passwords dave kleiman (Sep 19)
- Re: Whitespace in passwords Stephen J. Smoogen (Sep 19)
- RE: Whitespace in passwords Craig Wright (Sep 19)
- RE: Whitespace in passwords Craig Wright (Sep 19)
- RE: Whitespace in passwords dave kleiman (Sep 19)
- RE: Whitespace in passwords Bryan McAninch (Sep 19)
- Re: Whitespace in passwords Tim (Sep 19)
- RE: Whitespace in passwords Craig Wright (Sep 20)
- Re: Whitespace in passwords Tim (Sep 20)
- RE: Whitespace in passwords Craig Wright (Sep 20)
- Re: Whitespace in passwords Steve.Cummings (Sep 21)
- Message not available
- Re: Whitespace in passwords Sahir Hidayatullah (Sep 22)
- Message not available
- RE: Whitespace in passwords Steve.Cummings (Sep 21)
- Re: Whitespace in passwords Steve.Cummings (Sep 21)