RE: ADS Password Storage Protection


You response is a no go, maybe you are unaware of how the LM store works.

"garzelfloposaurus" there would be no LM hash of this password nor of my old
king passphrase example, because LM is limited to 14 characters.

That is where you are mixing up the getting the first half and guessing the

If you did have the first, how would you guess what portion of the rhyme I
used, what punctuation I used, and how long the passphrase was?


-----Original Message-----
From: Jeffrey F. Bloss [mailto:jbloss@xxxxxxxxxxxxxxx]
Sent: Wednesday, July 19, 2006 14:51
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: ADS Password Storage Protection

dave kleiman wrote:

> Eric,
> I beg to differ.
> Are you suggesting that a 40-60 character passphrase
"&Old King Cole
> was a merry old soul, a merry old soul was he; he called
for his pipe,
> he called for his bowl!!" is not more secure than "$%Op13f987&"

In some ways yes, and in some ways no. :)

The essence of the LM Hash vulnerability is being able to
derive an entire pass phrase from a portion. Since pass
phrases were hashed in "chunks" it was possible to crack a
smaller chunk and potentially guess the rest from that
information. If you discovered the text "garzel" and knew a
pet's name was "garzelfloposaurus"... :)

Your Old King Cole example suffers from the same weakness.
It wouldn't take long to figure out the rest if we knew the
"&Old Ki" part. And of course "&Old Ki" is less secure than
"$%Op13f987&" in every way.

Hand crafted on 19 July, 2006 at 14:41:28 EDT

Does the name Pavlov ring a bell?

This list is sponsored by: Norwich University

The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

Relevant Pages

  • Re: A question on an article dealing with pass phrase and keys
    ... In the section Keys vs. Passphrases He mentions using a hashing ... first and it goes through the hash function first. ... Hashing the passphrase to produce a key will not increase ... This can be useful for various crypto applications, ...
  • Re: XOR passphrase with a constant
    ... to the attacker it does not immediately provide progress in either direction ... hashes that it provides progress on, ... passphrase, even if it is know to the attacker, then it can be considered ... passphrase could have enough entropy that the apparent entropy overflows ...
  • Re: Newbie - Does This Make Sense?
    ... clear text before encrypting it. ... hash of the passphrase somewhere, and when the user enters some key, ... it is hashed then used to decrypt the stored hash. ... Remember to decrypt a copy of the stored encrypted hash, ...
  • Re: GPG Question on Symmetric Key Input
    ... Not the session key, ... The hash is easy to duplicate. ... The *passphrase* is an iterated hash of the password. ... PGP or GPG securely is keeping your private key secure. ...