RE: Using non-printable characters in passwords

From: dave kleiman (dave_at_netmedic.net)
Date: 08/08/03

    To: <security-basics@securityfocus.com>
    Date: Thu, 7 Aug 2003 21:44:20 -0400
    
    

    Birl,

    To your original question: It all depends on how the hash is being stored
    in your "cross-platform" situation. Microsoft's Unicode table often does not
    always map to the extended ASCII character representations of that
    particular character.

    What happens is although you type "ALT+somenumber" (on the number keypad) on
    the keyboard (extended ASCII character) it is immediately translated into
    the Unicode table representation of this. That is why many programs
    "user2sid", "L0pht" etc. cannot represent this character. Microsoft stores
    these in two separate strings; 1 is ANSI, 1 is Unicode. If the program is
    checking the ANSI string for username with "ALT+228" at the end it will not
    find it. (Same thing if it is in the password).

    Open Word, go to Insert Symbol. Click on the √ (square root symbol).

    Look at the bottom of the table; it says "Character Code 221A from Unicode
    (Hex)", "Shortcut Key 221A, Alt+X". I bet you have to hit ALT+251 to
    reproduce it though.

    So your answer is "MAYBE". If the hash is passed along in Unicode from
    platform to platform and the Unicode tables match you may have a happy
    cross-platform password. For one software application it may work; for
    another it might not.

    There is a short reference to it in a post I made a while back, please take
    a look at it.

    http://www.securityfocus.com/archive/88/312263

     
    _____________________
    Dave Kleiman
    dave@netmedic.net
    www.netmedic.net

    -----Original Message-----
    From: Birl [mailto:sbirl@temple.edu]
    Sent: Thursday, August 07, 2003 13:26
    To: security-basics@securityfocus.com
    Subject: Re: Using non-printable characters in passwords

    Although I very much value the 4 responses I have received so far, I think
    I should clarify my original question better:

    Are there any other keys (or combination thereof) besides, CTRL or ALT,
    that can be used?

    Another question, it is possible to use CTRL + ALT + <key> at the
    same time? Where, obviously, <key> != DEL :p

    Third question: Any good docs on CTRL combinations?

    Right now I'm limited to ^n (avoiding ^a ^c ^e ^h ^i ^j ^m ^q ^s ^u ^?
    etc. for obvious UNIX reasons)

    Thanks again.

    As it was written on Aug 6, thus I spake unto
    security-basics@securityfocus.com:

    Previous post: Date: Wed, 6 Aug 2003 14:41:09 -0400 (EDT)
    Previous post: From: Birl <sbirl@temple.edu>
    Previous post: Reply-To: security-basics@securityfocus.com
    Previous post: To: security-basics@securityfocus.com
    Previous post: Subject: Using non-printable characters in passwords
    Previous post:
    Previous post: Using cross-platform keyboards (SUN, Windows, Mac), how does one use
    Previous post: non-printable characters in their passwords?
    Previous post:
    Previous post: Since I work cross-platform, I use only a limited number of characters
    Previous post: while holding down the CTRL key.
    Previous post:
    Previous post: Whilst searching Google, I came across a SecurityFocus article that said:
    Previous post: "hold down the ALT key while pressing the 1,2, and 9 keys on the numeric
    Previous post: keypad"
    Previous post:
    Previous post: Additionally, the Google search I used
    Previous post: non-printable characters passwords
    Previous post: came up with more information about recovery and programs to avoid using
    Previous post: non-printable characters.
    Previous post:
    Previous post: Are there any other combinations? If I recall correctly, a SANS
    Previous post: instructor mentioned making use of the "Print Screen" key.
    Previous post:
    Previous post:
    Previous post: Thanks in advance
    Previous post:
    Previous post: Scott Birl                              http://concept.temple.edu/sysadmin/
    Previous post: Senior Systems Administrator Computer Services   Temple University
    Previous post: ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*
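
An added example, not part of the original message or of any tool named in it: it models the keypad-code-to-Unicode translation the reply describes and shows which byte forms of the same secret exist in each representation. The code pages (cp437 as OEM, cp1252 as ANSI), the function names and the SHA-256 stand-in hash are assumptions chosen for illustration.

```python
import hashlib

OEM = "cp437"    # assumption: US OEM code page, used for ALT+nnn keypad entry
ANSI = "cp1252"  # assumption: Western European "ANSI" code page

def alt_code_to_char(code: int) -> str:
    """Unicode character stored when ALT+<code> (no leading zero) is typed."""
    if not 128 <= code <= 255:
        raise ValueError("only extended codes 128-255 are modelled here")
    return bytes([code]).decode(OEM)

def representations(secret: str) -> dict:
    """Bytes a program sees depending on which string form it reads.
    None means the character has no slot in that code page (strict mode;
    a real conversion may substitute '?' or a look-alike instead)."""
    forms = {}
    for name, enc in (("unicode", "utf-16-le"), ("utf8", "utf-8"),
                      ("ansi", ANSI), ("oem", OEM)):
        try:
            forms[name] = secret.encode(enc)
        except UnicodeEncodeError:
            forms[name] = None
    return forms

def digests(secret: str) -> dict:
    """SHA-256 as a stand-in hash over each byte form (not a Windows hash)."""
    return {name: hashlib.sha256(raw).hexdigest() if raw is not None else None
            for name, raw in representations(secret).items()}

if __name__ == "__main__":
    # Keypad codes mentioned in the thread; "pass" is a constructed sample prefix.
    for code in (129, 228, 251):
        ch = alt_code_to_char(code)
        print(f"ALT+{code} -> U+{ord(ch):04X}")
        for name, raw in representations("pass" + ch).items():
            print(f"   {name:8}", raw.hex(" ") if raw is not None else "not representable")
```

Under these assumptions ALT+251 and ALT+228 have no ANSI form at all, while ALT+129 has one but with a different byte value than the OEM code typed, so a hash computed over one form never matches a hash computed over another.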
