Re: Hacked Passwords
- From: "karl levinson, mvp" <levinson_k@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 6 Oct 2006 08:37:12 -0400
"silas" <kiai_viper@xxxxxxxxxxx> wrote in message
news:%23QQ2k4P6GHA.4568@xxxxxxxxxxxxxxxxxxxxxxx
> I am a pen tester. Believe me, anything under 15 characters is already
> cracked. The reason behind that is that when Windows stores passwords that
> are 15 characters or larger, there is a flaw and it will store the hash as
> a null hash starting with the AAD3 characters.

It doesn't have to be that way. Windows can and should be configured not to
store the older LM Hash format. I believe the computers you crack that way
are cracked more because they were not configured securely. Keep in mind
also that if you are brute forcing the weaker LM Hash-stored password
hashes, it is because you already gained admin privileges on the box via
another vulnerability. But I agree that length is more important than
complexity, and that complexity rules can cause users to write down their
passwords on pieces of paper.
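
Added example, not part of the original thread: a small Python audit that reads a pwdump-style hash export and reports which accounts still have an LM hash stored, using the "AAD3" empty-LM value mentioned above. The `user:rid:lm:nt:::` layout, the "NO PASSWORD" placeholder and all sample hash values are assumptions constructed for illustration.

```python
# Audit a pwdump-style export (assumed layout: user:rid:lm:nt:::) for LM hashes.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_LM_HALF = EMPTY_LM[:16]                  # hash of one empty 7-char half
HEX = set("0123456789abcdef")

# Constructed sample data; none of these hashes belong to a real account.
SAMPLE = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1002:1122334455667788aad3b435b51404ee:89abcdef0123456789abcdef01234567:::
carol:1003:99aabbccddeeff001122334455667788:fedcba9876543210fedcba9876543210:::
dave:1004:NO PASSWORD*********************:76543210fedcba9876543210fedcba98:::
broken line without fields
"""

def classify_lm(lm_field):
    """Return 'none', 'lm-short', 'lm-stored' or 'invalid' for one LM field."""
    lm = lm_field.strip().lower()
    # No usable LM hash: LM storage disabled, password of 15+ characters,
    # or a blank password. Some export tools write a text placeholder instead.
    if lm in ("", EMPTY_LM) or lm.startswith("no password"):
        return "none"
    if len(lm) != 32 or not set(lm) <= HEX:
        return "invalid"
    # LM hashes each 7-character half separately; an empty second half
    # means the password is at most 7 characters long.
    if lm[16:] == EMPTY_LM_HALF:
        return "lm-short"
    return "lm-stored"

def audit(text):
    """Map each user to its LM status; also return skipped line numbers."""
    findings, skipped = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        parts = line.split(":")
        if len(parts) < 4:
            skipped.append(number)  # malformed line, do not guess
            continue
        findings[parts[0]] = classify_lm(parts[2])
    return findings, skipped

if __name__ == "__main__":
    results, bad_lines = audit(SAMPLE)
    for user, status in results.items():
        print(f"{user:8} {status}")
    print("skipped lines:", bad_lines)
```

Accounts reported as `lm-short` or `lm-stored` are the ones that should get a password change after LM hash storage is disabled, since the old hash remains until the password is next set.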