Re: 128 bit password

AdMod is ascii based, it doesn't write unicode. If I used the unicode version of ldap_mod it would likely be limited to 127 unicode characters.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Roger Abell [MVP] wrote:
That's curious Joe. It certainly goes against the widely held
127 max based on experiences with the GUI. What API/method
are you using, specifically does it have variants for differently
typed pwd buffer and you use a non wide char type? I recall
back at W2k release the "word" was a 255 max, but that changed
IIRC not too many SPs into W2k life.

Roger

"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message news:eYCgD23kHHA.4676@xxxxxxxxxxxxxxxxxxxxxxx
Hey Roger, see exhibit 1. I set a password that is 200 characters long. Assumption would be that it would get truncated at 127/128 characters... However it auths properly if all 200 characters are specified and breaks if you chop off even one from the end.



[Thu 05/10/2007 23:32:58.35] +
F:\Dev\_EXPLOITS\DNSRPC>admod -b cn=normaluser,cn=users,dc=joe,dc=com -kerbenc unicodepwd::1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890

AdMod V01.10.00cpp Joe Richards (joe@xxxxxxxxxxx) February 2007

DN Count: 1
Using server: 2k3dc02.joe.com:389
Directory: Windows Server 2003

Modifying specified objects...
DN: cn=normaluser,cn=users,dc=joe,dc=com...

The command completed successfully


[Thu 05/10/2007 23:33:30.67] +
F:\Dev\_EXPLOITS\DNSRPC>auth /d joe /u normaluser /p 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567
89012345678901234567890123456789012345678901234567890

Auth V01.01.00cpp Joe Richards (joe@xxxxxxxxxxx) August 2001

Authenticating joe\normaluser
Logon Successful.

[Thu 05/10/2007 23:33:56.06] +
F:\Dev\_EXPLOITS\DNSRPC>auth /d joe /u normaluser /p 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567
8901234567890123456789012345678901234567890123456789

Auth V01.01.00cpp Joe Richards (joe@xxxxxxxxxxx) August 2001

Authenticating joe\normaluser
Logon failure: unknown user name or bad password.


[Thu 05/10/2007 23:33:58.81] +







--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Roger Abell [MVP] wrote:
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message news:OHaG3xqkHHA.5048@xxxxxxxxxxxxxxxxxxxxxxx
Last I checked, you have 256 bytes available which could be 256 ANSI characters or 128 2-Byte Unicode.

You are right on the 256 bytes, but it is a max size for the passwords
of 127 unicode char (which I have always assumed due to null term'd).
Whether there is a way to force use of Ascii and hence larger size
I doubt, at least I have never heard of it.

Roger


Roger Abell [MVP] wrote:
"Frank Saunders, MS-MVP OE/WM" <franksaunders@xxxxxxxx> wrote in message news:ONmtcqKkHHA.3452@xxxxxxxxxxxxxxxxxxxxxxx
<kenitaali@xxxxxxxxx> wrote in message news:1178538223.612868.218450@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

If a password is for example 128bit, how long is it in characters (a-z
& A-Z)?
How can i calculate this?

If the password is "THISisMYpassword". How many bit password is it?

I think you're misinterpreting something. 128-bit security has nothing to do with the length of the password. It's the level of coding the security uses, to try to express it simply. But to take your question literally, the password if we store the password as 8-bit bytes it would be 14 characters, but usually it is encrypted before storing.

--
Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com

Didn't Windows change to use of Unicode from Ascii for passwords
some time back, IIRC when the length was greatly increased in the
NT4 to W2k transition? If so, then these are 16 bit chars.

However, prior comments are right on. There is probably some
confusion here between cipher key lengths, password hashes as
stored, and passwords.

Roger

.

Relevant Pages

  • Re: Enhanced Unicode support for "Go" tools
    ... Right, you know ASCII? ... accent characters used in French and other European ... UNICODE isn't just about all the different alphabets out ... out wrongly because the character set the file was written in is ...
    (alt.lang.asm)
  • Re: ASCII Requires a Temporary Substitution During Encryption.
    ... ASCII has now been replaced by Unicode: ... makes ascii 00 and then the 94 standard characters ...
    (sci.crypt)
  • Re: Unicode Support
    ... > | single bit extra from ASCII for any ordinary ASCII characters... ... UNICODE character then check what "range" it's in with the table ... 7-bit ASCII characters are encoded in exactly the same way in UTF-8 ... All non-ASCII characters use a multi-byte sequence ...
    (alt.lang.asm)
  • Re: How to get the ascii code of Chinese characters?
    ... No. ASCII characters range is 0..127 while Unicode characters range is ... Actually, Unicode goes beyond 65535. ... non-"correct" representation is necessary anyway. ...
    (comp.lang.python)
  • Re: Unicode Support
    ... >> (I know this is a poor example, but think about other languages, eg ... First things first, when you register your RosAsm windows classes, you ... the messages with ANSI / UNICODE parameters in ANSI or UNICODE form... ... with their alphabet characters, as with the numbers and punctuation...so, ...
    (alt.lang.asm)
Loading