Penetration Testing mailing list archives
RE: Password "security" - was"Passwords with Lan Manager (LM) under Windows" and "Whitespace in passwords"
From: "dave kleiman" <dave () isecureu com>
Date: Mon, 26 Sep 2005 10:00:21 -0400
Regarding "Whitespace in passwords", and as some people already mentioned, modern password cracking software (both commercial and free) can find non-printable chars, so space or ALT-whatever are going to be found anyway. Rainbow tables now tend to include space, but I still haven't heard of anyone producing a table for 0x00-0xff (0x0000-0xffff if you use extended unicode chars ;-) Applications CAN be broken by using strange characters, so YMMV.
Can you provide a list of those that have that ability, I will gladly test them. The most popular ones cannot i.e. L0pht, Cain etc. See: http://www.securityfocus.com/archive/88/312263 Dave ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows" Craig Wright (Sep 23)
- Re: MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows" Thor (Hammer of God) (Sep 24)
- Password "security" - was"Passwords with Lan Manager (LM) under Windows" and "Whitespace in passwords" Miguel Dilaj (Sep 26)
- RE: Password "security" - was"Passwords with Lan Manager (LM) under Windows" and "Whitespace in passwords" dave kleiman (Sep 27)
- Password "security" - was"Passwords with Lan Manager (LM) under Windows" and "Whitespace in passwords" Miguel Dilaj (Sep 26)
- Re: MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows" Thor (Hammer of God) (Sep 24)