Re: NT4 password limited to 14 characters ?

Hello Pascal,

The answer lies in how Windows hashes and stores the passwords. There
are three mechanisms: LM (MD4), NTLM hash (MD4), and NTLMv2 (MD5).

LM has a maximum length of 14 characters. It breaks the password up
into two 7 character strings, makes both strings uppercase, and then
hashes the strings. Because of the length and because of the case
insensitivity, LM is very easy to break with brute force tools.

NTLM also has a maximum length of 14 characters. It hashes the
password as one 14 character chunk and does not change the characters
to uppercase. It is a little better than LM.

NTLMv2 has a maximum length of 127 Unicode characters or 254 Ascii
characters. Most systems use Unicode to support international
character sets, and thus 127 is the number you will see most often.

Windows NT4 will use either NTLM or NTLMv2. If at all possible in your
environment, set it to only use NTLMv2 (see 147706). Using "Net User"
may still default to 14 characters because the utility may not
recognize the change. Usrmgr should be fine, however.

Hope that helps,

J Wolfgang Goerlich


Microsoft Article 147706, How to disable LM authentication on Windows
NT
http://support.microsoft.com/kb/147706

On Jul 16, 5:24 am, Pascal <pasca...@xxxxxxxxxxxxxxxxxx> wrote:
Hi,

sorry for this "noob" question but is there a password limit on NT4
SP6a ?

Indeed, I am not able to define a password that has more than 14
characters length.

SOmetimes I am reading that the limit is 128 characters and sometimes
it is 14 characters.

Please someone could help me ? :)

Thank you

--
Pascal


.

Relevant Pages

  • [Full-disclosure] Re: What A Click! [Internet Explorer]
    ... > tell your windows to open .HTA files in notepad. ... > (since there are more ways to cover windows with malicious lookalikes). ... >> Using custom Microsoft Agent characters it is possible to cover any kind ... including security or download dialogs. ...
    (Full-Disclosure)
  • Re: How many bytes per Italian character?
    ... yes I know how to ask Windows CE how big a buffer I'm going to need. ... and characters in Italian are the same size as characters in English, ... So have you detected that WinCE will cause a buffer overrun? ... It is not an error to tell you a string might be longer than it actually ...
    (microsoft.public.vc.mfc)
  • Re: get wide character and multibyte character value
    ... How do you think the characters which requires more than 16-bit in UTF-16, ... it is why I think Windows has limitations to ... later added support for surrogate pairs, so what you see could depend ... Most of my code is handling text as UTF-8. ...
    (microsoft.public.vc.language)
  • Re: unicode in ruby
    ... wchar_t on MacOS X and Windows is UTF-16. ... composed characters (e.g., LOWERCASE E + COMBINING ACUTE ACCENT ... I do not care what Windows, OS X, or ICU uses. ... you can have arrays of strings. ...
    (comp.lang.ruby)
  • [Full-disclosure] What A Click! [Internet Explorer]
    ... Using custom Microsoft Agent characters it is possible to cover any kind of windows, including security or download dialogs. ... Because custom characters are fully scriptable, can have any kind of shape and are downloaded automaticly, this can be used as a flexible tool to cover and/or spoof any kind of window and lure the user to execute arbitrary code by performing one or two clicks (depening on security zone configuration and Windows version). ...
    (Full-Disclosure)