Re: Secure Password Policy?

From: Neil <neil@xxxxxxxxxx>
Date: Sat, 21 Jan 2006 03:01:10 +0530

On 1/19/2006 11:08 PM, Mike Dieroff wrote:
> As far as I remember, the NTLANMAN hash maxed at 8 and LM hashes at 13
> characters... could be corrected...

NTLM hashes are not maxed at 8, or 13 characters. If they're capped at
all, they're capped at some extreme limit, maybe 256 or some such.

> 2.) Full complexity: Upper and lower case, numerals, alphanumerics
> <---- Don't forget the spacebar here!!always a good one!

I don't like using spaces in passwords because a lot of tools and
programs (particularly on the commandline) use space as a delimiter, so
there's a potential for problems there.

That said, usually those programs implement quotes properly, so I've not
had that issue in a while; and if you're only using your password to log
into Windows (like most users), than no harm in spaces.

--
Neil.
http://voidfx.net
"I plan to live for ever or die trying."
--Anonymous

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Follow-Ups:
- List of "clickable" on-line pen-test tools
  - From: Petr . Kazil

References:
- Secure Password Policy?
  - From: Sulaiman, Wilmar
- Re: Secure Password Policy?
  - From: Mike Dieroff

Prev by Date: Re: FW: Secure Password Policy?
Next by Date: Penetrating a PC through a printer device
Previous by thread: Re: Secure Password Policy?
Next by thread: List of "clickable" on-line pen-test tools
Index(es):
- Date
- Thread

Relevant Pages

RE: 3rd party vuln assesment firms
... > "We use the same tools hackers bring to bear against your systems. ... >> I'm looking for a firm to conduct annual 3rd party vulnerability ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ...
(Pen-Test)
RE: Whitespace in passwords
... They also do not have a lot of the Extended ASCII characters: ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... > Hackers are concentrating their efforts on attacking ... Up to 75% of cyber attacks are ...
(Pen-Test)
RE: Whitespace in passwords - now alt+xxx
... Subject: Whitespace in passwords ... 60 possible characters and the password is 7 characters long. ... >> Check your website for vulnerabilities to SQL injection, ... >> scripting and other web attacks before hackers do! ...
(Pen-Test)
Re: Whitespace in passwords
... 60 possible characters and the password is 7 characters long. ... >> Hackers are concentrating their efforts on attacking applications on ... >> Check your website for vulnerabilities to SQL injection, ... >> scripting and other web attacks before hackers do! ...
(Pen-Test)
RE: 3rd party vuln assesment firms
... > "We use the same tools hackers bring to bear against your systems. ... >> I'm looking for a firm to conduct annual 3rd party vulnerability ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ...
(Pen-Test)