Re: ADS Password Storage Protection



dave kleiman wrote:

Jeff,

Your response is a no go, maybe you are unaware of how the LM store works.

I am aware, but in retrospect I wasn't as clear as I should have been.
The LM Hash vulnerability was merely an example of the overall
weakness of some aspects of human readable pass phrases. A salient
example of the concept of guessing the whole from a portion. The actual
compromise could just as easily have been a nosy observer catching a
glimpse of your entered pass phrase over your shoulder at Starbucks.

"garzelfloposaurus" there would be no LM hash of this password nor of my old
king passphrase example, because LM is limited to 14 characters.

That is where you are mixing up getting the first half and guessing the
second.

If you did have the first, how would you guess what portion of the rhyme I
used, what punctuation I used, and how long the passphrase was?

Wouldn't you say the mathematics behind brute forcing passwords when
your "dictionary" is a known piece of literature, which you know from
observing the fractional pass phrase entry is used verbatim and only
had to come up with length of the text, would be an infinitesimally tiny
problem compared to not knowing any part or having to place totally
random characters in the proper sequence?

Of course it would. Even meddling with the occasional punctuation mark
wouldn't change the complexity of the task that much. Knowing any
portion of "Old King Cole" at all is a huge... no, a *HUGE* advantage
for an attacker.

--
Hand crafted on 21 July, 2006 at 12:41:38 EDT

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.

-- Groucho Marx
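
Added example, not part of the original message: a defender-side estimate of how small the guess space becomes when a passphrase is a verbatim run of a known text, compared with random characters. The rhyme text is constructed sample input, and the punctuation model (up to `edits` word boundaries, each with `variants` alternatives) and the function names are assumptions made for illustration; 17 is the length of "garzelfloposaurus".

```python
import math
import re

# Constructed sample input: opening of the rhyme named in the thread.
RHYME = ("Old King Cole was a merry old soul, and a merry old soul was he; "
         "he called for his pipe, and he called for his bowl, "
         "and he called for his fiddlers three.")
PRINTABLE = 95  # printable ASCII symbols available to a random password


def words(text):
    """Lower-case word tokens, punctuation dropped."""
    return re.findall(r"[a-z']+", text.lower())


def verbatim_candidates(text, observed="", edits=0, variants=4):
    """Count passphrases that are contiguous word runs of `text` starting
    with the `observed` words. Assumed model: up to `edits` word boundaries
    may each carry one of `variants` punctuation alternatives."""
    toks, seen = words(text), words(observed)
    total = 0
    for start in range(len(toks)):
        if toks[start:start + len(seen)] != seen:
            continue
        first_end = start + max(1, len(seen))  # never count an empty run
        for end in range(first_end, len(toks) + 1):
            n = end - start  # words in this candidate
            total += sum(math.comb(n, j) * variants ** j
                         for j in range(edits + 1))
    return total


def bits(count):
    """Guess space expressed in bits."""
    return math.log2(count)


def random_bits(length):
    """Bits in `length` uniformly random printable characters."""
    return length * math.log2(PRINTABLE)


if __name__ == "__main__":
    cases = [("any verbatim run of the rhyme", verbatim_candidates(RHYME)),
             ("run starting 'Old King Cole'",
              verbatim_candidates(RHYME, "Old King Cole")),
             ("same, up to 2 punctuation edits",
              verbatim_candidates(RHYME, "Old King Cole", edits=2))]
    for label, count in cases:
        print(f"{label:32s} {count:7d} guesses {bits(count):6.1f} bits")
    print(f"{'17 random printable characters':32s} {random_bits(17):22.1f} bits")
```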
