Re: 128 bit password

That's curious Joe. It certainly goes against the widely held
127 max based on experiences with the GUI. What API/method
are you using, specifically does it have variants for differently
typed pwd buffer and you use a non wide char type? I recall
back at W2k release the "word" was a 255 max, but that changed
IIRC not too many SPs into W2k life.

Roger

"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:eYCgD23kHHA.4676@xxxxxxxxxxxxxxxxxxxxxxx
Hey Roger, see exhibit 1. I set a password that is 200 characters long.
Assumption would be that it would get truncated at 127/128 characters...
However it auths properly if all 200 characters are specified and breaks
if you chop off even one from the end.



[Thu 05/10/2007 23:32:58.35] +
F:\Dev\_EXPLOITS\DNSRPC>admod -b
cn=normaluser,cn=users,dc=joe,dc=com -kerbenc
unicodepwd::1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890

AdMod V01.10.00cpp Joe Richards (joe@xxxxxxxxxxx) February 2007

DN Count: 1
Using server: 2k3dc02.joe.com:389
Directory: Windows Server 2003

Modifying specified objects...
DN: cn=normaluser,cn=users,dc=joe,dc=com...

The command completed successfully


[Thu 05/10/2007 23:33:30.67] +
F:\Dev\_EXPLOITS\DNSRPC>auth /d joe /u normaluser /p
123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567
89012345678901234567890123456789012345678901234567890

Auth V01.01.00cpp Joe Richards (joe@xxxxxxxxxxx) August 2001

Authenticating joe\normaluser
Logon Successful.

[Thu 05/10/2007 23:33:56.06] +
F:\Dev\_EXPLOITS\DNSRPC>auth /d joe /u normaluser /p
123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567
8901234567890123456789012345678901234567890123456789

Auth V01.01.00cpp Joe Richards (joe@xxxxxxxxxxx) August 2001

Authenticating joe\normaluser
Logon failure: unknown user name or bad password.


[Thu 05/10/2007 23:33:58.81] +







--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Roger Abell [MVP] wrote:
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:OHaG3xqkHHA.5048@xxxxxxxxxxxxxxxxxxxxxxx
Last I checked, you have 256 bytes available which could be 256 ANSI
characters or 128 2-Byte Unicode.


You are right on the 256 bytes, but it is a max size for the passwords
of 127 unicode char (which I have always assumed due to null term'd).
Whether there is a way to force use of Ascii and hence larger size
I doubt, at least I have never heard of it.

Roger


Roger Abell [MVP] wrote:
"Frank Saunders, MS-MVP OE/WM" <franksaunders@xxxxxxxx> wrote in
message news:ONmtcqKkHHA.3452@xxxxxxxxxxxxxxxxxxxxxxx
<kenitaali@xxxxxxxxx> wrote in message
news:1178538223.612868.218450@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

If a password is for example 128bit, how long is it in characters
(a-z
& A-Z)?
How can i calculate this?

If the password is "THISisMYpassword". How many bit password is it?

I think you're misinterpreting something. 128-bit security has
nothing to do with the length of the password. It's the level of
coding the security uses, to try to express it simply. But to take
your question literally, the password if we store the password as
8-bit bytes it would be 14 characters, but usually it is encrypted
before storing.

--
Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com

Didn't Windows change to use of Unicode from Ascii for passwords
some time back, IIRC when the length was greatly increased in the
NT4 to W2k transition? If so, then these are 16 bit chars.

However, prior comments are right on. There is probably some
confusion here between cipher key lengths, password hashes as
stored, and passwords.

Roger


.

Relevant Pages

  • Re: 128 bit password
    ... Hey Roger, see exhibit 1. ... Assumption would be that it would get truncated at 127/128 characters... ... Joe Richards Microsoft MVP Windows Server Directory Services ... of 127 unicode char. ...
    (microsoft.public.security)
  • Re: Unicode Support
    ... >> (I know this is a poor example, but think about other languages, eg ... First things first, when you register your RosAsm windows classes, you ... the messages with ANSI / UNICODE parameters in ANSI or UNICODE form... ... with their alphabet characters, as with the numbers and punctuation...so, ...
    (alt.lang.asm)
  • =?windows-1252?Q?Re=3A_Encrypting_Unicode_=96_Using_ASCII_as_a_Surrogat?= =?windows-1252?Q?e
    ... characters of an exotic eastern language using an ASCII keyboard. ... communicate in large volume with China or Japan using CJK from Unicode ... present the message text to Alice as a string of hexadecimal numbers ... by the computer as an external file and enciphered by a stream cipher ...
    (sci.crypt)
  • =?windows-1252?Q?Encrypting_Unicode_=96_Using_ASCII_as_a_Surrogate_Al?= =?windows-1252?Q?pha
    ... characters of an exotic eastern language using an ASCII keyboard. ... It is true to say that any keyboard of any language can be simulated ... communicate in large volume with China or Japan using CJK from Unicode ... by the computer as an external file and enciphered by a stream cipher ...
    (sci.crypt)
  • =?windows-1252?Q?Re=3A_Encrypting_Unicode_=96_Using_ASCII_as_a_Surrogat?= =?windows-1252?Q?e
    ... characters of an exotic eastern language using an ASCII keyboard. ... communicate in large volume with China or Japan using CJK from Unicode ... present the message text to Alice as a string of hexadecimal numbers ... by the computer as an external file and enciphered by a stream cipher ...
    (sci.crypt)
Quantcast