RE: Using non-printable characters in passwords

From: Birl (sbirl_at_temple.edu)
Date: 08/25/03

  • Next message: David Gillett: "RE: CSMA/CD"
    Date: Mon, 25 Aug 2003 15:46:33 -0400 (EDT)
    To: security-basics@securityfocus.com
    
    

    As it was written on Aug 12, thus Chris Berry spake unto security-basics@se...:

    Chris: Date: Tue, 12 Aug 2003 17:57:50 -0700
    Chris: From: Chris Berry <compjma@hotmail.com>
    Chris: To: security-basics@securityfocus.com
    Chris: Subject: RE: Using non-printable characters in passwords
    Chris:
    Chris: >From: "dave kleiman" <dave@netmedic.net>
    Chris: >Not quite;
    Chris: >
    Chris: >If you pass the 14 character margin, No LM hash will be stored of the
    Chris: >password. 14 characters is its limit, so if you enforce a policy of 15 or
    Chris: >greater you do not have to worry about it.
    Chris:
    Chris: That's true, but I wouldn't rely on that. It's pretty easy to disable the
    Chris: storing of the LM hash permanently.
    Chris:
    Chris: Chris Berry

    I disable LM hash by default. I have long SecEdit file that tightens the
    whole machine down (too tight sometimes)

    My question is this: when was over 14 characters possible in NT?

    I always ran into problems with passwords over 14 characters. Cannot
    remember what the problem was off-hand, I'll have to see if I can
    replicate it .... might have been NT4

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
    October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
    ----------------------------------------------------------------------------


  • Next message: David Gillett: "RE: CSMA/CD"