Re: 128 bit password
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 18 May 2007 06:11:00 -0700
I think that they just switched over all GUI to wide chars at some
point early in the W2k life. As stated, I do recall early MS docs
stating 255 max, but those were all cleansed out, probably even
before the great doc purge of the security initiative.
Roger
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:ODaieqLmHHA.2552@xxxxxxxxxxxxxxxxxxxxxxx
AdMod is ascii based, it doesn't write unicode. If I used the unicode
version of ldap_mod it would likely be limited to 127 unicode characters.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Roger Abell [MVP] wrote:
That's curious Joe. It certainly goes against the widely held
127 max based on experiences with the GUI. What API/method
are you using, specifically does it have variants for differently
typed pwd buffer and you use a non wide char type? I recall
back at W2k release the "word" was a 255 max, but that changed
IIRC not too many SPs into W2k life.
Roger
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:eYCgD23kHHA.4676@xxxxxxxxxxxxxxxxxxxxxxx
Hey Roger, see exhibit 1. I set a password that is 200 characters long.
Assumption would be that it would get truncated at 127/128 characters...
However it auths properly if all 200 characters are specified and breaks
if you chop off even one from the end.
[Thu 05/10/2007 23:32:58.35] +
F:\Dev\_EXPLOITS\DNSRPC>admod -b
cn=normaluser,cn=users,dc=joe,dc=com -kerbenc
unicodepwd::1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
AdMod V01.10.00cpp Joe Richards (joe@xxxxxxxxxxx) February 2007
DN Count: 1
Using server: 2k3dc02.joe.com:389
Directory: Windows Server 2003
Modifying specified objects...
DN: cn=normaluser,cn=users,dc=joe,dc=com...
The command completed successfully
[Thu 05/10/2007 23:33:30.67] +
F:\Dev\_EXPLOITS\DNSRPC>auth /d joe /u normaluser /p
123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567
89012345678901234567890123456789012345678901234567890
Auth V01.01.00cpp Joe Richards (joe@xxxxxxxxxxx) August 2001
Authenticating joe\normaluser
Logon Successful.
[Thu 05/10/2007 23:33:56.06] +
F:\Dev\_EXPLOITS\DNSRPC>auth /d joe /u normaluser /p
123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567
8901234567890123456789012345678901234567890123456789
Auth V01.01.00cpp Joe Richards (joe@xxxxxxxxxxx) August 2001
Authenticating joe\normaluser
Logon failure: unknown user name or bad password.
[Thu 05/10/2007 23:33:58.81] +
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Roger Abell [MVP] wrote:
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:OHaG3xqkHHA.5048@xxxxxxxxxxxxxxxxxxxxxxx
Last I checked, you have 256 bytes available which could be 256 ANSIYou are right on the 256 bytes, but it is a max size for the passwords
characters or 128 2-Byte Unicode.
of 127 unicode char (which I have always assumed due to null term'd).
Whether there is a way to force use of Ascii and hence larger size
I doubt, at least I have never heard of it.
Roger
Roger Abell [MVP] wrote:
"Frank Saunders, MS-MVP OE/WM" <franksaunders@xxxxxxxx> wrote in
message news:ONmtcqKkHHA.3452@xxxxxxxxxxxxxxxxxxxxxxx
<kenitaali@xxxxxxxxx> wrote in messageDidn't Windows change to use of Unicode from Ascii for passwords
news:1178538223.612868.218450@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,I think you're misinterpreting something. 128-bit security has
If a password is for example 128bit, how long is it in characters
(a-z
& A-Z)?
How can i calculate this?
If the password is "THISisMYpassword". How many bit password is it?
nothing to do with the length of the password. It's the level of
coding the security uses, to try to express it simply. But to take
your question literally, the password if we store the password as
8-bit bytes it would be 14 characters, but usually it is encrypted
before storing.
--
Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com
some time back, IIRC when the length was greatly increased in the
NT4 to W2k transition? If so, then these are 16 bit chars.
However, prior comments are right on. There is probably some
confusion here between cipher key lengths, password hashes as
stored, and passwords.
Roger
.
- References:
- 128 bit password
- From: kenitaali
- Re: 128 bit password
- From: Frank Saunders, MS-MVP OE/WM
- Re: 128 bit password
- From: Roger Abell [MVP]
- Re: 128 bit password
- From: Joe Richards [MVP]
- Re: 128 bit password
- From: Roger Abell [MVP]
- Re: 128 bit password
- From: Joe Richards [MVP]
- Re: 128 bit password
- From: Roger Abell [MVP]
- Re: 128 bit password
- From: Joe Richards [MVP]
- 128 bit password
- Prev by Date: Re: Email from Microsoft (?)
- Next by Date: Re: avg versus avast
- Previous by thread: Re: 128 bit password
- Next by thread: Microsoft Takes on Google and Yahoo with Microsoft Adcenter and Adlabs
- Index(es):
Relevant Pages
|
