RE: Using non-printable characters in passwords

From: Birl (sbirl_at_temple.edu)
Date: 08/25/03

    Date: Mon, 25 Aug 2003 15:41:38 -0400 (EDT)
    To: security-basics@securityfocus.com
    
    

    As it was written on Aug 12, thus Meidinger Chris spake:

    Chris: Date: Tue, 12 Aug 2003 08:10:57 +0100
    Chris: From: Meidinger Chris <chris.meidinger@badenit.de>
    Chris: To: "'security-basics@securityfocus.com'"
    Chris: <security-basics@securityfocus.com>
    Chris: Subject: RE: Using non-printable characters in passwords
    Chris:
    Chris: I know you don't want to hear this, but remember that MS Windows NT or 2000
    Chris: running in hybrid mode uses an NTLM hash to represent the password. This
    Chris: hash represents only 7 characters, meaning that if you have a 21 character
    Chris: password, it is really 3 consecutive 7 character passwords. Thus your 21
    Chris: char pass is barely stronger than a 7 character password. For this reason
    Chris: complexity is very important in Windows, and not length.
    Chris:
    Chris: just a reminder for anyone in a Windows environment who is setting password
    Chris: requirements.
    Chris:
    Chris: badenIT GmbH
    Chris: System Support
    Chris:
    Chris: Chris Meidinger
    Chris: Tullastrasse 70
    Chris: 79108 Freiburg

    Ah, you must re-read my original post.
    Since I work cross-platform, I look for cross-platform solutions.

    I use SecureCRT (at work) to ssh from Windows to Solaris 9.
    I use Cygwin at home to get into my Solaris 9 server.

    I am aware of the 2 hashes in NT, but my concern is more compatibility
    between platforms. Yes, complexity is best, but wouldn't help me if the
    keyboard or application cannot translate the keystrokes correctly.

    Thanks for the information anyway. I'm sure it will be useful to someone
    else.

    Chris: -----Original Message-----
    Chris: From: Birl [mailto:sbirl@temple.edu]
    Chris: Sent: Wednesday, August 06, 2003 8:41 PM
    Chris: To: security-basics@securityfocus.com
    Chris: Subject: Using non-printable characters in passwords
    Chris:
    Chris:
    Chris: Using cross-platform keyboards (SUN, Windows, Mac), how does one use
    Chris: non-printable characters in their passwords?
    Chris:
    Chris: Since I work cross-platform, I use only a limited number of characters
    Chris: while holding down the CTRL key.
    Chris:
    Chris: Whilst searching Google, I came across a SecurityFocus article that said:
    Chris: "hold down the ALT key while pressing the 1,2, and 9 keys on the numeric
    Chris: keypad"
    Chris:
    Chris: Additionally, the Google search I used
    Chris: non-printable characters passwords
    Chris: came up with more information about recovery and programs to avoid using
    Chris: non-printable characters.
    Chris:
    Chris: Are there any other combinations? If I recall correctly, a SANS
    Chris: instructor mentioned making use of the "Print Screen" key.
    Chris:
    Chris:
    Chris: Thanks in advance
    Chris:
    Chris: Scott Birl http://concept.temple.edu/sysadmin/
    Chris: Senior Systems Administrator Computer Services Temple
    Chris: University
    Chris: ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*=
    Chris: ===*
    Chris:
    Chris:
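
Added example, not part of the original message or any poster's code: a Python sketch of the cross-platform concern raised above. It reports which bytes a password becomes under several client encodings and which control characters a Unix tty would consume before the login program sees them. The encoding list, the tty table (typical stty defaults), the assumption that Alt+129 on a code page 437 keypad yields "ü", and SHA-256 as a stand-in for the server's password hash are all assumptions of the example.

```python
import hashlib

# Assumed set of encodings a keystroke may end up in, depending on the client.
ENCODINGS = ("cp437", "cp1252", "latin-1", "mac_roman", "utf-8")

# Typical default tty special characters (assumption: stty defaults vary).
TTY_SPECIAL = {
    0x03: "Ctrl-C intr", 0x04: "Ctrl-D eof", 0x08: "Ctrl-H erase",
    0x0A: "Ctrl-J newline", 0x0D: "Ctrl-M return", 0x11: "Ctrl-Q start",
    0x13: "Ctrl-S stop", 0x15: "Ctrl-U kill", 0x16: "Ctrl-V lnext",
    0x17: "Ctrl-W werase", 0x1A: "Ctrl-Z susp", 0x1C: "Ctrl-\\ quit",
    0x7F: "DEL erase",
}

def encodings_of(password):
    """Map encoding name -> bytes sent for this password (None if unencodable)."""
    out = {}
    for enc in ENCODINGS:
        try:
            out[enc] = password.encode(enc)
        except UnicodeEncodeError:
            out[enc] = None
    return out

def portability_report(password):
    by_enc = encodings_of(password)
    distinct = set(by_enc.values())
    return {
        "bytes": by_enc,
        # True only if every client would send the identical byte string.
        "same_bytes": len(distinct) == 1 and None not in distinct,
        # Characters the tty line discipline acts on instead of passing through.
        "intercepted": [TTY_SPECIAL[ord(c)] for c in password
                        if ord(c) in TTY_SPECIAL],
        "other_control": [hex(ord(c)) for c in password
                          if ord(c) < 0x20 and ord(c) not in TTY_SPECIAL],
        # SHA-256 is a stand-in for whatever hash the server stores.
        "digests": {e: hashlib.sha256(b).hexdigest()[:12]
                    for e, b in by_enc.items() if b is not None},
    }

if __name__ == "__main__":
    # Constructed samples: "\u00fc" is the Alt+129 character, "\x15" is Ctrl-U,
    # "\x02" is Ctrl-B.
    for sample in ("Tr0ub4dor", "pa\u00fcss", "pa\x15ss", "pa\x02ss"):
        r = portability_report(sample)
        print(repr(sample), r["same_bytes"], r["intercepted"], r["other_control"])
        for enc, b in r["bytes"].items():
            print("   ", enc, b.hex() if b is not None else "unencodable")
```

A password can pass the byte-level check and still fail at login: the Ctrl-U sample encodes identically everywhere, yet a tty in canonical mode treats it as line kill and discards what was typed before it.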


